lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <N1-a4DUvVDA17@Safe-mail.net>
Date: Sat Sep 17 08:20:43 2005
From: sasb at Safe-mail.net (sasb@...e-mail.net)
Subject: SA Security Bulletin: Unique attack vector
	uncovered during packet analysis

__________________________________________________________________

			 Sexy Action Security Bulletin
		
       		            	SASB-2005-09-17-GR8-2B-EL8

		Packet Analysis Uncovers Unique Attack Vector

    __________________________________________________________________



Executive Summary:

As an enterprise security professional, I insist on maintaining the highest degree of personal hygeine. At 10:38AM AEST, packet capture (sniffing) 
tests revealed that my Gandalf Lord of the Rings t-shirt had been compromised...

Problem Statement:

For some months now I have deployed Nivea deoderant, version 'Aqua Cool', as a personal firewall. Its vendor promises 'revitalising freshness and 
mild care' , while ensuring 24hr performance, reliable protection, and a 'stimulating masculine scent' .

While vendors are as trustworthy as a German sewerage plant operator, and the only thing released more often on the internet than German scheisse 
porn are exploits for personal firewalls, careful searching turned up no current issues with Nivea 'Aqua Cool'. 

This morning, as a preventative measure, I enabled promiscuous mode on my left nostril. This is something I rarely do -  whenever I allow my 
nostril to become promiscous it inevitably accosts American soldiers, demanding two dollars for "sucky, sucky". However, as a professional and a 
champion Tony Hawk 2 player, I must accede to these demands in the name of Security.

I picked up my Lord of the Rings t-shirt, sniffed, and captured a packet exuding from the right armpit production server. Not any boring old IP 
packet, no - this was a DECNET phase IV  packet, transported via x.25. You could have tickled me pink and called me Jesus; I'd assumed DECnet 
had gone the way of the triceratops, stegasaurus, and hats. 

"Why", I asked myself, "is my right armpit running DECnet? It's certainly not a normal state of affairs. Hackers must be involved. They always are. 
DECnet smells like stale sweat and hackers must have bypassed the Nivea firewall to install it on my t-shirt. It's the only way this could have 
happened.

Because of hackers I had to wear my Gollum Lord of the Rings t-shirt to work today. This is unacceptable - Gollum is not suitable for an enterprise 
security environment. Gollum is for informal occasions. Gandalf, the white wizard, commands respect and awe; without Gandalf, I fear that 
co-workers do not respect my authority.

Fix:

Users may apply more firewall, however this is only a preventative measure. As yet I am unsure exactly how to patch a smelly t-shirt.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ