Exploited Exploits

Someone on the security mailing list Full-Disclosure has posted an interesting warning regarding proof-of-concept exploit code. It seems that multiple published exploits have been replaced with more malicious versions by unknown attackers.

The attackers replaced the shellcode in the demo exploits (which usually opens a root shell) with more malicious versions like 'rm -rf /*'. As such shellcode usually consists of hex-encoded assembler instructions, most people don't have the slightest chance to understand it, and hence cannot verify what it really does. People who want to "just try out whether I'm vulnerable" might end up with a wiped hard drive (or worse).

The lesson (one of them, that is) we should learn here is to never execute any code we don't trust and/or fully understand.
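A first-pass review step for such a download, added here as an example (not code from the Full-Disclosure post): decode the `\xNN` string literals in the exploit source without executing anything and list the readable strings hidden in them. The watch list and the sample source are assumptions constructed for illustration; a payload that assembles its command at run time will not show up this way, so an empty result does not mean the code is safe.

```python
import re

HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')        # C-style \xNN escape
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')    # double-quoted C string
PRINTABLE_RUN = re.compile(rb'[\x20-\x7e]{4,}')        # like the `strings` tool
# Assumed watch list of substrings that deserve a closer look; extend as needed.
WATCH = (b"rm -", b"mkfs", b"dd if=", b"/etc/passwd", b"/etc/shadow", b"chmod ")


def decode_payload(source):
    """Join all string literals that contain \\xNN escapes into one byte blob."""
    blob = b""
    for literal in STRING_LITERAL.findall(source):
        if HEX_ESCAPE.search(literal):
            text = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), literal)
            blob += text.encode("latin-1", errors="replace")
    return blob


def review(source):
    """Return (embedded_string, on_watch_list) for each printable run found."""
    findings = []
    for run in PRINTABLE_RUN.findall(decode_payload(source)):
        findings.append((run.decode("ascii"), any(w in run for w in WATCH)))
    return findings


# Constructed sample: filler bytes plus two ASCII strings, not a working exploit.
SAMPLE = r'''
char shellcode[] =
    "\x90\x90\x90\x90\x01\x02"
    "\x72\x6d\x20\x2d\x72\x66\x20\x2f\x2a\x00"
    "\x2f\x62\x69\x6e\x2f\x73\x68\x00";
'''

if __name__ == "__main__":
    for text, flagged in review(SAMPLE):
        print(("REVIEW  " if flagged else "        ") + repr(text))
```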

(via Heise)

Comments

Don't trust anybody!

I just downloaded a copy of the latest Linux kernel and started to read my way through it. I have already switched back to the console which will save me some time to read all the GNOME sources. As a beginning I have replaced emacs with nano - a quick read during lunch break. Don't trust anybody! ;-)