Linux Today: Linux News On Internet Time.

NewsBytes: 'Happy Hacker' Drops A Bomb On Security Experts

Sep 24, 2001, 13:17 (22 Talkback[s])
(Other stories by Brian McWilliams)
"On Wednesday, the 14,300-strong subscribers to a popular security list known as Vuln-Dev received what may have appeared a rare treat: a message to the list containing source code to a program that gave the user full control of a remote Unix system.

The message, apparently from Carolyn Meinel, a computer security consultant and author of a book called "The Happy Hacker," claimed the code exploited a vulnerability in the latest version of WU-FTPD, a file transfer program used by many sites around the world. A copy of the code, wu261.c, was also available at Meinel's site, techbroker.com.

But as some Vuln-Dev readers, many of whom are system administrators for businesses, painfully learned, the program was a Trojan horse, and if compiled and run, could delete most of the files on the user's computer."

Complete Story