lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Feb 2004 10:58:07 +0300
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: Florian Weimer <fw@...eb.enyo.de>
Cc: Gadi Evron <ge@...tistical.reprehensible.net>, bugtraq@...urityfocus.com,
   full-disclosure@...ts.netsys.com, Zak Dechovich <ZakGroups@...ureol.com>
Subject: Re[2]: ASN.1 telephony critical infrastructure warning - VOIP


Dear Florian Weimer,

It's different thing. Any infrastructure based on Windows is under risk.
But it's not because VoIP uses ASN.1.

--Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 3APA3A@...URITY.NNOV.RU:

FW> 3APA3A wrote:

>> ASN.1  is  used  by  many  services,  but  all  use different underlying
>> protocols.  It's  not  likely  NetMeeting or MS ISA server to be primary
>> attack  targets.  Attack  against  MS  IPSec  implementation,  Exchange,
>> SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
>> infrastructure  (except  connectivity  degradation  because  of  massive
>> traffic).

FW> I wish your assessment were true, but it's not.  Cisco Call Manager is
FW> based on Windows, and Cisco still has to certify the patches Microsoft
FW> released.

FW> It's sad that Microsoft apparently hasn't used those six months to
FW> properly coordinate the issue with OEM vendors.


-- 
~/ZARAZA
Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists