[Full-Disclosure] Veriscum badness...
smacdougall at idanalytics.com
Wed Sep 17 23:31:41 BST 2003
Hmmm, couldn't somebody so motivated create a distributed tool that
generates tons o' requests to random fake addresses? This would
effectively cause a de facto DOS attack on Veriscum, but I'm not sure if
it would be prosecutable since no actual site was being targeted...
After all, if you happen to hit fakesites1.com, fakesites2.com,
fakesites3.com, etc etc. who would be the affected party?
The sites don't exist - there's no sysadmin scrambling to block the
traffic, there's no hardware being hammered (directly at least). I don't
think Veriscum would have a case because the requests weren't aimed at
Veriscum or any of their subsidiaries... Just because they decided to
point unresolved URLs to their site unilaterally doesn't seem to me to
be basis enough for a complaint. Of course I could be (and often am)
Lead Security Officer
San Diego, California USA
Direct: (858) 427-2860
Toll Free: 866-240-4484 x 2860
Full-Disclosure is hosted and sponsored by Secunia.