Information Security News mailing list archives
Re: Counterspy
From: Dave Dittrich <dittrich () CAC WASHINGTON EDU>
Date: Thu, 25 Jan 2001 08:19:00 -0800
On Wed, 24 Jan 2001, InfoSec News wrote:
http://www.forbes.com/forbes/2001/0205/130.html Srikumar S. Rao Forbes Magazine 02.05.01 Michael Lyle has no problem stooping to the hacker's level in the information war. During one of his frequent 3 a.m. prowls on Internet Relay Chat, the 21-year-old chief technology officer of Recourse Technologies came across a braggart who claimed to have shut down a site. The hacker spoke of a tool called Mstream that bombards servers with junk data from many different sources. Posing as a hacker named Icee, Lyle swapped some code for a copy of Mstream. Within a week he had reverse-engineered it, and sent out a warning to his colleagues in the security community.
I have to stop right there. There is definately some stooping and bragging going on, but I don't think Mr. Rao portrays that acurately. I'm starting to get a little tired of people claiming the work of other people to make a buck. Ethics seems to be sorely lacking these days.
From the bugtraq archives:
Subject: Source code to mstream, a DDoS tool Date: Sat Apr 29 2000 20:48:41 Author: Anonymous User < nobody () lobeda jena thur de > Message-ID: <200004291748.TAA13203 () lobeda jena thur de> Subject: Re: Source code to mstream, a DDoS tool Date: Mon May 01 2000 15:08:15 Author: Dave Dittrich < dittrich () cac washington edu > Message-ID: <Pine.GUL.4.21.0005011351460.11047-100000 () red7 cac washington edu> In-Reply-To: <200004291748.TAA13203 () lobeda jena thur de> I don't see any post by Mr. Lyle. (Perhaps Mr. Lyle is "anon" who posted the mstream source code - posting source is far from reverse engineering and publishing an analysis.) Read the following analysis (published on May 1, 2000, with copyright statement included) and you can see the results of reverse engineering mstream, captured from live systems on which it was installed (not bartered on IRC): http://staff.washington.edu/dittrich/misc/mstream.analysis.txt That analysis *is* the result of close to two weeks of effort (unpaid) by those involved (including Andrew Korty and others at Indiana University). If Mr. Lyle was part of the IU group, he is still not entitled to lay sole claim to this. CNN published an article at the time: http://www.cnn.com/2000/TECH/computing/05/02/new.ddos.tool/index.html I don't see Mr. Lyle's name mentioned in this article, either. Try a Google search: http://www.google.com/search?q=Lyle+mstream&hl=en&lr=&safe=off Promotion should not pass for journalism, and claims should not pass for. I would hope that a magazine like Forbes would at least do some fact checking before running articles like this. (P.S. I tried to find an email address for Mr. Rao, and called a number listed on several web pages, but could not contact him directly. Forbes editor: Please pass these comments along.) -- Dave Dittrich Computing & Communications dittrich () cac washington edu Client Services http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Counterspy InfoSec News (Jan 24)
- Re: Counterspy Dave Dittrich (Jan 25)
- Re: Counterspy Aleph One (Jan 29)
- <Possible follow-ups>
- Re: Counterspy Robert G. Ferrell (Jan 25)
- Re: Counterspy Bud Rogers (Jan 25)
- Re: Counterspy Baines, Thomas B. (Jan 25)
- Re: Counterspy Dave Dittrich (Jan 25)