Open Source and information security mailing list archives
 
Message-ID: <EA7C77F97CC73F4AAC856A4595DF34E20B8FA136@swilnts801.wil.fusa.com>
From: Glenn_Everhart at bankone.com (Glenn_Everhart@...kone.com)
Subject: Viral infection via Serial Cable

A serial connection using protocols like xmodem, ymodem, kermit, or
the like might well avoid exposing a machine to malware. A malware
program must be able to use some facilities offered by a network
typically if it is to propagate on a network. Serial connections
running occasional file transfer protocols don't offer services that
most malware would know how to use. This does not mean there are no
services; just that a malware author is unlikely to notice a serial
line and test, say, for a kermit or uucp server at the other end. (If those
allow access only to a single directory containing nothing interesting,
too, that isn't going to allow much exposed function for attacks.)

Obviously if the serial line carries IP somehow, it might be used without
the malware even noticing anything difficult.

An intermediate ground like using some not currently fashionable
serial network (e.g., run DECnet over the line) would probably
avoid being exploited too, but someone who knew what was going on
could attack it or use it to spread malware.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Jean
Gruneberg
Sent: Monday, August 30, 2004 3:21 PM
To: 'Full Disclosure'
Subject: RE: [Full-Disclosure] Viral infection via Serial Cable


Hi all

Thanks for the info.  I presumed there wasn't anything running around that
normally would 'see' a serial connection and keeping the machine off an
ordinary network system will protect the machine...

Need to look at the pc more to see if and what patches / sp etc have been
applied as well, if it is a vanilla system etc. Pity the machine runs 18
hours a day and they don't like taking it offline for the IT guy to have a
look see ;-)

Jean
