There was going to be a presentation on a JavaScript XSS exploit in one of SixApart's most popular websites right afterwards too that sorta had to be called off at the last minute.
So that the next day, a coworker wonders why that "safe, unconnected" machine you set up to play with this isn't plugged in, and "fixes" the problem real quick, so that all the network lights on the panel in back match again... Still think this one was intended for disgruntled admins to install; it's an obvious fake, but if installed by a disgruntled admin, it only has to look real enough to fool a jury or a boss (just in case).
Gee, no wonder RH was on top of this -1 days from the Slashdot posting. That means it was right there in their server's REFERER logs from the very instant it first happened! I hate to say this, but in all fairness, I don't think anyone EVER gave Microsoft a heads up like that, did they? Now granted, Microsoft is still the company that withholds a response to a security incident until it makes the 6 o'clock TV news. I'm just saying that this incident doesn't necessarily make RedHat saints...
Good thing they left all those comments in there, makes it much easier to read once decrypted, huh?
Here's a thought
Maybe it's intended for disgruntled workers at said businesses, and therefore, should obviously be a trojan to anyone with a clue, but yet look legitimate enough that a jury would buy it.