lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000d01c37fb3$e9a8e760$550ffea9__40128.3664316454$1064247508@rms>
Date: Sat, 20 Sep 2003 16:19:32 -0400
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...URITYFOCUS.COM>
Subject: How Verisign's SiteFinder service breaks Windows networking utilities


Hi,

Verisign's SiteFinder service also breaks many of the standard Windows
networking utilities by providing misleading error messages, temporary
lockups, and incorrect status information.

For example, referencing a UNC path with a misspelled domain name with
SiteFinder in the picture gives an incorrect error message and hangs a
command prompt window for about 30 seconds:

   C:\work\sitefinder>dir \\sdkfasdlfkasdlfkasdk.com\drivec
   Access is denied.

The correct error message is displayed instantly if SiteFinder is out of
the picture:

   C:\work\sitefinder>dir \\sdkfasdlfkasdlfkasdk.us\drivec
   The network path was not found.

The correct error message for a misspelled domain name in the Windows
FTP utility is:

   C:\work\sitefinder>ftp ftp.asdklsdfjaskdfjasdfjasdjfasdfj.us
   Unknown host ftp.asdklsdfjaskdfjasdfjasdjfasdfj.us.

With SiteFinder, the FTP utility now provides a useless error message:

   C:\work\sitefinder>ftp ftp.asdklsdfjaskdfjasdfjasdjfasdfj.com
   > ftp: connect :Unknown error number

The PING utility gives incorrect results for misspelled domain names:

   [Incorrect]
   C:\work\sitefinder>ping www.sdfjasdfjaskldfjasdfjas.com

   Pinging www.sdfjasdfjaskldfjasdfjas.com [64.94.110.11] 
   with 32 bytes of data:
   Ping statistics for 64.94.110.11:
   Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

   [Correct]
   C:\work\sitefinder>ping www.sdfjasdfjaskldfjasdfjas.us
   Ping request could not find host www.sdfjasdfjaskldfjasdfjas.us. 
   Please check the name and try again. 

Ditto for tracert:

   [Incorrect]
   C:\work\sitefinder>tracert www.asdfjasdkfjasfjasdj.com

   Tracing route to www.asdfjasdkfjasfjasdj.com [64.94.110.11]
   over a maximum of 30 hops:

   1    11 ms    14 ms    15 ms  10.222.0.1
   2    14 ms    12 ms    11 ms  bar01-p0-2.orlnhe1.ma.attbb.net
[24.128.190.129]
   3    17 ms    14 ms    16 ms  bar01-s2-1-0.nbfrhe1.ma.attbb.net
[24.91.0.141]
   ...

   [Correct]
   C:\work\sitefinder>tracert www.asdfjasdkfjasfjasdj.us
   Unable to resolve target system name www.asdfjasdkfjasfjasdj.us.

Richard M. Smith
http://www.ComputerBytesMan.com






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ