On Tue, Feb 17, 2004 at 05:37:53PM +0200, Gadi Evron wrote:
> I apologize, but I am using these mailing lists to try and contact the
> different */CERT teams for different countries.
Then contact FIRST.
Forum of Incident Reaction Security Teams.
<http://www.first.org>
Many, if not most, CERTs are members.
> As we all know, ASN.1 is a new very easy to exploit vulnerability. It
> attacks both the server and the end user (IIS and IE).
> We expect a new massive worm to come out exploiting this vulnerability
> in the next few days.
This I seriously doubt. We have no indicators leading in that
direction.
> Why should this all interest you beyond it being the next blaster?
> ASN is what VOIP is based on, and thus the critical infrastructure for
> telephony which is based on VOIP.
No. ASN.1 (not ASN) may be used in VoIP, but it's not what it's
"based on". I won't rehash what other have refuted, here. If it's
possible, it's likely we'll see other indicators pointing in that
direction.
> This may be a false alarm, but you know how worms find their way into
> every network, private or public. It could (maybe) potentially bring the
> system down.
> I am raising the red flag, better safe than sorry.
Better to be informed than alarmist.
> The two email messages below are from Zak Dechovich and myself on this
> subject, to TH-Research (The Trojan Horses Research Mailing List). The
> original red flag as you can see below, was raised by Zak. Skip to his
> message if you like.
> Gadi Evron.
:
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw (at) WittsEnd (dot) com [email concealed]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
> I apologize, but I am using these mailing lists to try and contact the
> different */CERT teams for different countries.
Then contact FIRST.
Forum of Incident Reaction Security Teams.
<http://www.first.org>
Many, if not most, CERTs are members.
> As we all know, ASN.1 is a new very easy to exploit vulnerability. It
> attacks both the server and the end user (IIS and IE).
> We expect a new massive worm to come out exploiting this vulnerability
> in the next few days.
This I seriously doubt. We have no indicators leading in that
direction.
> Why should this all interest you beyond it being the next blaster?
> ASN is what VOIP is based on, and thus the critical infrastructure for
> telephony which is based on VOIP.
No. ASN.1 (not ASN) may be used in VoIP, but it's not what it's
"based on". I won't rehash what other have refuted, here. If it's
possible, it's likely we'll see other indicators pointing in that
direction.
> This may be a false alarm, but you know how worms find their way into
> every network, private or public. It could (maybe) potentially bring the
> system down.
> I am raising the red flag, better safe than sorry.
Better to be informed than alarmist.
> The two email messages below are from Zak Dechovich and myself on this
> subject, to TH-Research (The Trojan Horses Research Mailing List). The
> original red flag as you can see below, was raised by Zak. Skip to his
> message if you like.
> Gadi Evron.
:
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw (at) WittsEnd (dot) com [email concealed]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
[ reply ]