Full Disclosure mailing list archives
RE: Unusual request
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Thu, 13 Feb 2003 07:36:33 -0600
Thanks to all who offered suggestions. I don't know why I couldn't remember "unicode" when I was googling, but then I've read thousands of man pages and docs since then, and my mind can only hold so much information. :-)

What I plan to do is load a box with a default install of IIS and use a web browser based attack to demonstrate how easily a box can be compromised when it's unpatched. (I'll probably just deface a web page.) Since the audience will be "normal" users, I expect most of them to be astounded and incredulous, which is why I wanted to use something very simple to understand. If I ran a program through a netcat session, I suspect many of them wouldn't get it, but if I type a URL into a browser, I *hope* they will all see that *anyone* could do that, even with very little knowledge of exploits or security practices.

And before you ask, no, the box will not be connected to our LAN. Otherwise it would get Code Red and Nimda before I could even complete my demonstration. :-)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html