lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: jsklein at mindspring.com (Joe Klein)
Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is an interesting idea. If the database vulnerability and the patch has been available for over 6 months, wouldn't this be proof of "Lack of Due Care" by the companies which were impacted? Sounds like a potential class action suite against management of all public companies impacted. I suspect by there lack of action, it will impact all the stocks on Monday. The other question comes to mind. If this happended, how secure is the rest of the company networks.

Anyone know of a lawyer who would be interested in taking a case like this? 

Joe Klein
jsklein@...dspring.com

- -----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ron DuFresne
Sent: Saturday, January 25, 2003 8:01 PM
To: Jason Coombs
Cc: Richard M. Smith; 'Jay D. Dyson'; 'Bugtraq'; 'Full-Disclosure'
Subject: Re: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!




You'll find that you underestimate the number of banks and credit related transactions that use internet connectivity to transact transfers and payment activity.  Pay attention next time you use a ATM or credit card at the gas pumps or the grocery, or a card in those ATM's in various malls and stores.  You'll hear the modems in many dialing during the 'authorization' phase of the transaction, and few are dialing into a private networked system.



Thanks,

Ron DuFresne


On Sat, 25 Jan 2003, Jason Coombs wrote:

> Bank of America should never have allowed their ATM network to rely on 
> routes that could be impacted by non-ATM network computer systems.
>
> That Sapphire might have had this effect makes the sensibility behind 
> writing and releasing it even more apparent, if this was in fact 
> defensive work of a government agency as my speculation suggested.
>
> Jason Coombs
> jasonc@...ence.org
>
> -----Original Message-----
> From: Richard M. Smith [mailto:rms@...puterbytesman.com]
> Sent: Saturday, January 25, 2003 1:11 PM
> To: jasonc@...ence.org; 'Jay D. Dyson'; 'Bugtraq'; 'Full-Disclosure'
> Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
>
>
> However, this worm might not be so harmless as it appears because of 
> collateral damage:
>
>    Bank of America ATMs Disrupted by Virus
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPjNbgT1Xm8BE1/6HEQJJLgCglZ/zgYkaZ/HOz9BWdUb2X3igNlcAoN9E
t075RClV90Q7NAqx5uE5aC19
=fst/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ