| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Feb 2004 10:58:07 +0300 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Florian Weimer <fw@...eb.enyo.de> Cc: Gadi Evron <ge@...tistical.reprehensible.net>, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com, Zak Dechovich <ZakGroups@...ureol.com> Subject: Re[2]: ASN.1 telephony critical infrastructure warning - VOIP Dear Florian Weimer, It's different thing. Any infrastructure based on Windows is under risk. But it's not because VoIP uses ASN.1. --Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 3APA3A@...URITY.NNOV.RU: FW> 3APA3A wrote: >> ASN.1 is used by many services, but all use different underlying >> protocols. It's not likely NetMeeting or MS ISA server to be primary >> attack targets. Attack against MS IPSec implementation, Exchange, >> SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP >> infrastructure (except connectivity degradation because of massive >> traffic). FW> I wish your assessment were true, but it's not. Cisco Call Manager is FW> based on Windows, and Cisco still has to certify the patches Microsoft FW> released. FW> It's sad that Microsoft apparently hasn't used those six months to FW> properly coordinate the issue with OEM vendors. -- ~/ZARAZA Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists