Back Orifice Client Reports to Netninja.com!
pchelp
Although the cDc claims of Netninja.com that they are "people we've
never even heard of," (http://www.cultdeadcow.com/tools/) in fact the BO
GUI client program (and possibly the DOS and Unix versions also)
ROUTINELY SENDS TCP PACKETS TO WWW.NETNINJA.COM each time it completes a
subnet ping sweep.
The contents of these packets are as yet unknown to me. I welcome any
and all information anyone can provide on this, which I will attribuite
to its source and place on my website.
Pierre Vandevenne
>The contents of these packets are as yet unknown to me. I welcome any
>and all information anyone can provide on this, which I will attribuite
>to its source and place on my website.
I've produced a complete disassembly of those files - automatic, no manual
tweaking though. If you want to have a look, let me know and I'll make the
listings available.
Pierre
Pierre Vandevenne
http://www.datarescue.com
IDA Pro 3.76 released
Pierre Vandevenne
>Oh, BTW, the UNIX version COMES WITH SOURCE CODE.
>Another dim bulb brightens; another mystery solved.
>(Sorry for being rude, but how could you miss something like this?)
Well, the fact that the Unix version comes with source code doesn't imply that
the windows 95 version if trojan free. As a matter of fact, the UNIX source
code may have been released to lure people into thinking the Win95 version is
trojan free... ;-)
I know this is somewhat far fetched, but that illustrates an important point
with trust : once it is shaken, everything looks suspicious. Why would anyone
trust the manual in such a case ? Why would anyone trust web pages ? Why would
anyone trust that the complete truth is told.
Is there anything that makes BO so special that it deserves to be trusted
more than other things ? Consider SSH for example : eventhough it is
published, documented and its source is available, people keep analyzing it
and from time to time discover weaknesses : what is wrong with that ?