::SPAM:: Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 02/18/04

  • Next message: 3APA3A: "[Full-Disclosure] ::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges"
    To: Florian Weimer <fw@deneb.enyo.de>
    Date: Wed, 18 Feb 2004 10:58:07 +0300
    
    
    

    Spam detection software, running on the system "cw-1.crocker.com", has
    identified this incoming email as possible spam. The original message
    has been attached to this so you can view it (if it isn't spam) or block
    similar future email. If you have any questions, see
    the administrator of that system for details.

    Content preview: Dear Florian Weimer, It's different thing. Any
      infrastructure based on Windows is under risk. But it's not because
      VoIP uses ASN.1. --Wednesday, February 18, 2004, 12:32:10 AM, you wrote
      to 3APA3A@SECURITY.NNOV.RU: [...]

    Content analysis details: (6.5 points, 5.0 required)

     pts rule name description
    ---- ---------------------- --------------------------------------------------
     1.9 FROM_NO_LOWER 'From' has no lower-case characters
     0.3 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
     1.5 BODY_8BITS BODY: Body includes 8 consecutive 8-bit characters
     1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
     0.8 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer

    
    

    attached mail follows:


    Date: Wed, 18 Feb 2004 10:58:07 +0300
    To: Florian Weimer <fw@deneb.enyo.de>
    
    

    Dear Florian Weimer,

    It's different thing. Any infrastructure based on Windows is under risk.
    But it's not because VoIP uses ASN.1.

    --Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 3APA3A@SECURITY.NNOV.RU:

    FW> 3APA3A wrote:

    >> ASN.1 is used by many services, but all use different underlying
    >> protocols. It's not likely NetMeeting or MS ISA server to be primary
    >> attack targets. Attack against MS IPSec implementation, Exchange,
    >> SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
    >> infrastructure (except connectivity degradation because of massive
    >> traffic).

    FW> I wish your assessment were true, but it's not. Cisco Call Manager is
    FW> based on Windows, and Cisco still has to certify the patches Microsoft
    FW> released.

    FW> It's sad that Microsoft apparently hasn't used those six months to
    FW> properly coordinate the issue with OEM vendors.

    -- 
    ~/ZARAZA
    Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен)
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: 3APA3A: "[Full-Disclosure] ::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges"

    Relevant Pages

    • Denied post to the tech mailing list
      ... Spam detection software, running on the system "openbsd.cs.colorado.edu", has ... identified this incoming email as possible spam. ... Content analysis details: ... The original message was not completely plain text, ...
      (freebsd-questions)
    • (none)
      ... Spam detection software, running on the system "vulture.killfile.org", has ... identified this incoming email as possible spam. ... The original message ... Content analysis details: ...
      (rec.toys.transformers.moderated)
    • Re: Slow computer
      ... Email address deliberately false to avoid spam ... Clean up the programs running at start up. ... It contains advice ... > using Windows XP "prettifications". ...
      (microsoft.public.windowsxp.general)
    • Re: A good spam software?
      ... there's times when I think everyone's spam comes to me! ... Windows Update ... You should at least turn on the built in firewall. ... I see that AntiVirus software is an absolute necessity given ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Flamewar _ DO NOT READ
      ... Did you know that those idiots have added a captcha to the post form, ... much buggier and more problematic spam blocking ... Windows 3.0 anymore; there's a handful of copies of Windows 3.1 still ... None of the nasty things that you have said or implied about me are at ...
      (rec.games.roguelike.angband)