lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 23 Nov 2010 09:26:49 -0500
From: "Mikhail A. Utin" <mutin@...monwealthcare.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: virus in email RTF message MS OE almost
	disabled

As we see, our list has a few (luckily just a few) unprofessional people thinking of themselves as gods, and hiding in such Russian-born domains. It's useless to engage in any discussion as they have too much time and will waste our time as well. And it's useless to explain ethics, security basics, and our experience as they are kiddies. Eventually they will grow ... may be.

List, thank you very much

Mikhail A. Utin, CISSP
Information Security Analyst
Commonwealth Care Alliance
30 Winter St.
Boston, MA 
TEL: (617) 426-0600 x.288
FAX: (617) 249-2114
http://www.commonwealthcare.org
mutin@...monwealthcare.org


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@...merofgod.com] 
Sent: Monday, November 22, 2010 4:52 PM
To: Mikhail A. Utin
Cc: full-disclosure@...ts.grok.org.uk
Subject: RE: virus in email RTF message MS OE almost disabled

Keep it on the list.  No need for private emails if you need assistance - give everyone a chance!

My response was far more useful than your post - "I got pwned by an Office virus by opening an attachment in OE - What could it be??"  Jeeze dude.  And I didn't give any "adice" about "Noton."  I said to get someone professional, which you *clearly* need to do. 

You should look up these guys:  
http://www.rubos.com/pisa.html

Apparently they are Information System Security Professionals, and they are in the same town as you.  One even has a CISSP, so you KNOW that he knows what he is doing.  Funny thing is that he has the exact same name as you do.  What are the chances of that?  If these guys formed the company to sell services to businesses and individuals to comply with legal security and privacy requirements, then they should be able to figure out how to find an Office virus on XP, right?

You can even join them as "Security professionals and experienced Information Sestems professionals are welcome."  I'm not sure what a "Sestems professional" is, but it must be very important work.

Waste of time indeed.  Apple Stores are hiring "geniuses" for the holidays - even they know how to use XP and could help. 

t





From: Mikhail A. Utin [mailto:mutin@...monwealthcare.org] 
Sent: Monday, November 22, 2010 1:26 PM
To: Thor (Hammer of God)
Subject: RE: virus in email RTF message MS OE almost disabled

Your email is useless. It is on my home PC. If you have better adice than using Noton SW, then please use your mind to get something minigful.
If you can name the virus or where to find its instance, it would be a help. Otherwise do not waste you and my time.

From: Thor (Hammer of God) [mailto:thor@...merofgod.com] 
Sent: Monday, November 22, 2010 3:17 PM
To: Mikhail A. Utin; full-disclosure@...ts.grok.org.uk
Subject: RE: virus in email RTF message MS OE almost disabled

You know, every time I start to get a bit of hope for what looks like an upward trend of businesses and organizations taking security seriously, I see crap like this.  Your organization is a Medicare prescription contractor with a national network of 61,022 contracted pharmacies, and not only are you running unpatched versions of old OS's and opening email attachments because they "look OK," but you have to post to Full Disclosure asking help for trivial virus detection and removal advice?   Now that everyone on FD knows that you are vulnerable and that you open email attachments, you've probably just caused the organization to be pwned 9 ways from Sunday. 

To answer your question, call a professional and have them do it.  And in the future, don't send out emails like this from your organization email announcing the state of your security.  That's what Hotmail is for.  

t

From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Mikhail A. Utin
Sent: Monday, November 22, 2010 7:18 AM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] virus in email RTF message MS OE almost disabled

Hello,
Opening looking OK email message in my MS OE I've very likely got new kind of virus, which exploits MS Office flaw recently announced. Immediately after, my OE started consuming huge memory when I switched between folders or messages. I've not seen any process in Task Manager taking up to 1 GB memory (physical is 512M). I did not find any newly installed executables either. When I shut down OE, the computer works fine.
Any thoughts?
Thank you

Mikhail
CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists