lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 17 Feb 2004 21:29:38 -0500
From: "Michael H. Warfield" <mhw@...tsend.com>
To: Gadi Evron <ge@...tistical.reprehensible.net>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com,
   Zak Dechovich <ZakGroups@...ureol.com>
Subject: Re: ASN.1 telephony critical infrastructure warning - VOIP

On Tue, Feb 17, 2004 at 05:37:53PM +0200, Gadi Evron wrote:
> I apologize, but I am using these mailing lists to try and contact the 
> different */CERT teams for different countries.

	Then contact FIRST.

	Forum of Incident Reaction Security Teams.

	<http://www.first.org>

	Many, if not most, CERTs are members.

> As we all know, ASN.1 is a new very easy to exploit vulnerability. It 
> attacks both the server and the end user (IIS and IE).

> We expect a new massive worm to come out exploiting this vulnerability 
> in the next few days.

	This I seriously doubt.  We have no indicators leading in that
direction.

> Why should this all interest you beyond it being the next blaster?

> ASN is what VOIP is based on, and thus the critical infrastructure for 
> telephony which is based on VOIP.

	No.  ASN.1 (not ASN) may be used in VoIP, but it's not what it's
"based on".  I won't rehash what other have refuted, here.  If it's
possible, it's likely we'll see other indicators pointing in that
direction.

> This may be a false alarm, but you know how worms find their way into 
> every network, private or public. It could (maybe) potentially bring the 
> system down.

> I am raising the red flag, better safe than sorry.

	Better to be informed than alarmist.

> The two email messages below are from Zak Dechovich and myself on this 
> subject, to TH-Research (The Trojan Horses Research Mailing List). The 
> original red flag as you can see below, was raised by Zak. Skip to his 
> message if you like.

>     Gadi Evron.

	:

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@...tsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ