[Full-Disclosure] Britannia Security Advisory 001-2004 version 1.0

From: Feher Tamas (etomcat_at_freemail.hu)
Date: 01/26/04

    To: full-disclosure@lists.netsys.com
    Date: Mon, 26 Jan 2004 17:33:53 +0100 (CET)
    Britannia Security Advisory 001-2004 version 1.0

    Attack described:
    Valid input at vulnerable ports can result in loss of system integrity.

    Vulnerable systems:
    Operating system: Microsoft
    Hardware: William H. Gates III

    Attack method: small natural variations in regular operation of legacy
    systems may result in data transfer vector hitting incorrect port on
    vulnerable host.

    Requirements:
    Only particular legacy systems can act as attack source.
    Vendor: Windsor (formerly Saxe-Coburg-Gotha)
    Model: QE2 revision 1926

    Attack data packet (Label:Offset) KBE:1917
    Specific packet data in ASCII format follows:
    "Knight Commander of the Most Excellent Order of the British Empire"

    Vector: Sword
    Symptoms: Loss of systems integrity, ear falls off.

    Mitigation strategies:

    Proactive:
    a., Replace attacker.
    Prior consultation recommended, see: Rumsfeld, Donald
    Pro: Some Irish guys will thank you
    Con: High costs, popular resistance, media fallout need to be considered

    b., Hire "set a thief to catch a chief" whitehat with prior blackhat
    experience in such ear attacks to evaluate risks and assess defensive
    methods. See: Simon "Kefas The Stone" Peter
    Pro: documented to work
    Con: most vendors refuse to deal with ex black-hats,
    named consultant a known liar.

    c., Physical protection of the vulnerable system recommended. See:
    http://money.cnn.com/2004/01/26/technology/gates_knight.reut/gates_knight2.03.jpg

    Reactive:
    a., Apply patches and cover damages with insurance policy. Forensics
    almost never required, but surgery can restore systems integrity
    up to 90-95%.

    b., Hire consultant with prior experience in similar environment, who
    advises on mitigating long-term effects of said systems integrity breach.
    See: Lauda, Niki, Formula 1, Champion, Three times.

    c., Whitehat already mentioned under paragraph "Proactive / b." may
    contract a specialist, who is certified to restore the ear's integrity 100%.

    Pro: Successful transaction can result in reception of further input
    values. See: beatification, canonization, sainthood

    Con: May require prior consultation with a joint Polish-Italian competitor
    by the brand name JPII. May require changing vendor to a JPII
    recommended supplier, which can result in loss of original input data,
    due to vendor incompatibility between the attacker and 3rd party
    consultant.

    End of security advisory 001-2004-version 1.0

    *************************************************

    Consumer version of security bulletin available at:
    http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/uk_news/3428673.stm

    Last modified: 26/01/2004 16:35GMT 8-)

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html