Security geek developing WinXP raw socket exploit

posted onJune 13, 2001
by hitbsecnews

Security specialist Steve Gibson has created quite a fracas with his
increasingly vocal opposition to the raw-socket connectivity planned
for Windows-XP, and upon which he bases predictions of
impending chaos for the entire Internet, so he's decided to exploit
the very threat he claims will make the Internet permanently unstable.

The raw sockets which have Gibson so steamed enable a machine
to send or capture data independent of the operating system -- quite
handy if you're a software developer or an advanced hobbyist. And
while it's true that this also enhances the packet-flooding
capabilities of a Windows machine by making it easy to spoof
packets, it's also true that this function is already included in most
other operating systems, and can be added to an existing Win-9x,
'ME, or '2K machine quite easily with a library called WinPcap.

All right, we'll allow that there'll be a few s'kiddies who might prefer
to use their Win-XP boxes for such purposes. But they can already
do so simply by installing Linux and doing a bit of reading.

There will also be more Windows clients available for malicious
misuse as 'XP grows in popularity; but one can already do heaps of
packeting from Windows machines with SubSeven, and even launch
the attack in bulk from IRC.

True, the boxes will eventually be found because their IPs are
traceable, and admins will contact the owners and let them know
they're infected -- but only long after the damage is done. Raw
sockets in 'XP only marginally improve the situation for a malicious
party. We really don't see an immense growth in packeting on the
horizon.

Gibson, on the other hand, tells it like a loner in the desert, living, we
would imagine, on locusts and wild honey for a bit too long a time.

After being packeted into submission last month by a
thirteen-year-old computer enthusiast called "Wicked", he's become
obsessed with the mission of dissuading Microsoft from outfitting
'XP with the same capabilities as most of its competitors.

He's written thousands of words on his Web site, denouncing
Microsoft for putting something like real power into a consumer
operating system. He's written memos to the company; he's warned
all his site's visitors; but he's still not satisfied. The "XP Christmas of
Death" is coming, he warns, immediately after which all the little
s'kiddies will gleefully baptize us with fire.

According to Gibson's paranoid delusions, everyone with a
computer is a potential criminal, and the only reason the entire Net
population hasn't yet exploded in some mass orgy of evil is because
Microsoft has thus far refrained from unleashing the uncontrollable
power of the raw socket.

He'll show the bastards
Unfortunately, not enough of the right people are listening to him with
the proper degree of attentiveness. So he's decided to show the
bastards: Gibson is developing a free tool which he calls
'Spoofarino'.

"We need a tool to hold ISPs accountable and publicly demonstrate
individual ISP irresponsibility," Gibson says.

"Given the universal reluctance they have demonstrated so far, I
believe that only active public scrutiny will bring about the changes
required to insure [sic] a reliable and secure future for the Internet."

From that we infer that Spoofarino will enable Netizens to test
whether or not their ISP allows them to send spoofed packets to
Gibson's site. We imagine that any ISP which fails to filter outbound
spoofed packets will be identified for a solid public shaming.

It sounds like a tool with which one could generate raw packets,
though probably in a controlled manner. But if that's the case, it
would lay much of the ground work for an EZ malicious version
leveraging the very threat Gibson is decrying.

"The threat represented by Microsoft's forthcoming Windows-XP
operating system, with its confirmed ability to easily generate
malicious Internet traffic -- for NO good reason -- can not be
overstated," he warns.

"The proper executives within Microsoft MUST be reached with this
message so that those plans can be reviewed in light of the
potential for their system's massive abuse of the inherently trusting
Internet."

And so Steve Gibson is going to show us all.

The Register

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs