Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
Date: 02/18/04

    Date: Wed, 18 Feb 2004 18:36:47 +0100


    > We don't see dedicated and targeted attacks at 4 million cablemodem users
    > designed to drop off trojans, ddos zombies, and similar.

    Sure. I wasn't claiming that worms don't get deployed, nor that they do
    not pose a huge problem. My point was rather that the fact something might
    not be an addressable target for a worm doesn't automatically make it an
    unattractive target altogether. Just because it can't be mass-exploited
    doesn't mean people are not going to use it as an entry point.

    We haven't seen worms for a whole bunch of Unix vulnerabilities that pretty
    much appeared in all variants, free or not. Still, these are being actively
    exploited on a daily basis.

    The fact that these things are not maxing out people's bandwidth or just
    making the machine blatantly unusable sure makes them less noticed. However,
    if you care about the specific security of data on your network, they're at
    risk all the same. In this regard (beat me for this), worms like MSBlaster
    sure did have a security-enhancing side effect, because people patched their
    boxen that otherwise wouldn't have even thought about it - or noticed.

    > Many of the worst "dedicated and targeted attacks" of late presuppose the
    > presence of a zombie net - preventing the formation of such a net then makes
    > the attack a lot harder to carry out.

    I'm not talking about DDoS, and a zombie net isn't necessary to obfuscate
    the origin of your actions. I mean the 'find target, strike, cover your ass'
    sort of attack. VoIP installations sure are an attractive target for such
    operations, don't you think?

    > And for that matter, installation of a keystroke logger to sniff out credit card
    > numbers *IS* a dedicated and targeted attack - on the credit card system.

    I don't quite get your point here - did I claim anything else?

    Cheers, J.

    Full-Disclosure - We believe in it.
