RE: FAX a virus

["Craig Wright" <cwright () bdosyd com au>]

Hello,
I believed that I have covered this in stating that it is categoritcally imfeasible and close to impossible and that 
any suggestion that it is true is FUD.

So the simple answer is - No you can not get a virus in this manner or for that matter any malware.

Regards,
Craig

________________________________

From: Scott Ramsdell [mailto:Scott.Ramsdell () cellnet com]
Sent: Thu 8/03/2007 2:30 AM
To: Craig Wright; Daniel Anderson
Cc: Nick Duda; anonymous () email com; security-basics () securityfocus com; Bob Radvanovsky
Subject: RE: FAX a virus



You guys have completely missed Alcides question, and are refusing to
acknowledge the point.

He extracts info from faxes and processes the extracted info, he does
not process faxes.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Craig Wright
Sent: Tuesday, March 06, 2007 8:24 PM
To: Daniel Anderson
Cc: Nick Duda; anonymous () email com; security-basics () securityfocus com;
Bob Radvanovsky
Subject: RE: FAX a virus


Sorry Daniel, it does not suffice to state that Fax is digital therefore
it must be vulnerable.

Please do bring up another case. I am happy to analyse it. As I have
stated, scientific process required that you prove a condition. I will
happily shoot down any of the theretical conditions that are being
suggested however.

You can not send digital data through a fax line (computer to computer
or not) in order to cause a buffer overflow. Error correction is
adaequate to send textual information with a moderate degree of success
and few errors. However, the level of white noise rejection is too high
to send anything that can result in a buffer overflow.

Fuzzing has already been brought up and shown to be the wrong approach.
Tiff libray attachs all reqiure direct manipulation of the saved digital
data. When sending an image, the scan is converted and reprocessed. So
this can not work.

Please !!! Prove me wrong ! You state that I am - prove it! Supply some
evidence other than stating I am ranting and proive your accusations. I
have never stated I am nice and I know I am not diplomatic, but prove me
wrong.

Craig

-----Original Message-----
From: Daniel Anderson [mailto:dtndan () gmail com]

Sent: Wednesday, 7 March 2007 12:18 PM
To: Craig Wright
Cc: Nick Duda; anonymous () email com; security-basics () securityfocus com
Subject: Re: FAX a virus

Nick, I wouldn't waste my time.  Craig seems to want to hear himself
rant today.

You can tell because he is screaming about FUD, making cracks about who
is "professional" and who is not, bringing in lots of nonrelated info,
and giving us unnecessary background info, but not useful info like
current ITU standards, T.30, T.38, etc.

Suffice it to say that FAX has grown up into a digital data protocol,
and there are various potential areas that could be explored once you
get your head around the fact that a FAX no longer has to involve paper
any more and, if it is ever analog, is only analog for the physical bit
between the modems (which really doesn't matter one way or the other).


While the OP suggested a situation that could not really occur (inject
macro type virus over FAX) a variety of buffer overflows (driver, tiff
libraries, PDF libraries, etc), etc should be analyzed and not merely
declared as "FUD, FUD, FUD".


Dan


On 3/6/07, Craig Wright <cwright () bdosyd com au> wrote:


        No, the attach is not against the fax. It is not via the fax
comms. It
        is simply an attack against a cisco over IP that you are
assuming.


        The cisco can not be attacked in the manner you suggest.


        Please feel free to prove me wrong.



        Craig


        -----Original Message-----
        From: Nick Duda [mailto:nduda () VistaPrint com]
        Sent: Wednesday, 7 March 2007 4:18 AM
        To: Craig Wright; anonymous () email com
<mailto:anonymous () email com> ; security-basics () securityfocus com
        Subject: RE: FAX a virus


        Fax machine + Cisco ATA + IP + CallManager = Fax machine


        Fax machine can = software



        Fax can be IP/Software based....a possible vector for an attack.


        ________________________________


        From: listbounce () securityfocus com on behalf of Craig Wright

        Sent: Fri 3/2/2007 11:51 PM
        To: anonymous () email com; security-basics () securityfocus com
        Subject: RE: FAX a virus








        FAX!
        There is NO UDP/IP port. NO TCP/IP port. No IP Address.




        FAX is not IP based.




        Not theory at all. FUD!




        Craig


        ________________________________


        From: listbounce () securityfocus com
<mailto:listbounce () securityfocus com>  on behalf of anonymous () email com
        Sent: Fri 2/03/2007 6:31 AM
        To: security-basics () securityfocus com

        Subject: Re: FAX a virus






        Perhaps something along these lines:


        Dependant on resolving the phone number to an IP address of
course, but
        once that information is found either through social engineering
or voip

        probes you could use nmap to find which port is working as the
fax
        reciever then attempt to determine the type of fax machine and
from
        there if you knew assembly could *possibly (if the fax machine
allowed
        remote firmware upgrades) rewrite the firmware of the machine
itself but

        a more practical method would be to temporarily store
information in the
        buffer of the fax machine (this would cause garbage to be
printed for
        one thing which would be a big annoyance).


        And from what you have described from your setup the software
itself may

        be vulnerable to memory bounds checks etc. You would want to
research
        the software using lists such as this if you are truely afraid
of
        vulnerabilities in your fax application.


        Again this is more theoretical then practical but you get the
idea.





------------------------------------------------------------------------
        ---
        This list is sponsored by: BigFix


        If your IT fails, you're out of business - or worse.  Arm your
        enterprise with BigFix, the single converged IT security and
operations

        engine. BigFix enables continuous discovery, assessment,
remediation,
        and enforcement for complex and distributed IT environments in
real-time
        from a single console.
        Think what's next. Think BigFix.




http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/
        ITNext/


------------------------------------------------------------------------

        ---








        Liability limited by a scheme approved under Professional
Standards
        Legislation in respect of matters arising within those States
and
        Territories of Australia where such legislation exists.



        DISCLAIMER
        The information contained in this email and any attachments is
        confidential. If you are not the intended recipient, you must
not use or
        disclose the information. If you have received this email in
error,

        please inform us promptly by reply email or by telephoning +61 2
9286
        5555. Please delete the email and destroy any printed copy.




        Any views expressed in this message are those of the individual
sender.
        You may not rely on this message as advice unless it has been
        electronically signed by a Partner of BDO or it is subsequently
        confirmed by letter or fax signed by a Partner of BDO.


        BDO accepts no liability for any damage caused by this email or
its

        attachments due to viruses, interference, interception,
corruption or
        unauthorised access.






        Liability limited by a scheme approved under Professional
Standards Legislation in respect of matters arising within those States
and Territories of Australia where such legislation exists.



        DISCLAIMER
        The information contained in this email and any attachments is
confidential. If you are not the intended recipient, you must not use or
disclose the information. If you have received this email in error,
please inform us promptly by reply email or by telephoning +61 2 9286
5555. Please delete the email and destroy any printed copy.



        Any views expressed in this message are those of the individual
sender. You may not rely on this message as advice unless it has been
electronically signed by a Partner of BDO or it is subsequently
confirmed by letter or fax signed by a Partner of BDO.



        BDO accepts no liability for any damage caused by this email or
its attachments due to viruses, interference, interception, corruption
or unauthorised access.





Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is
confidential. If you are not the intended recipient, you must not use or
disclose the information. If you have received this email in error,
please inform us promptly by reply email or by telephoning +61 2 9286
5555. Please delete the email and destroy any printed copy.


Any views expressed in this message are those of the individual sender.
You may not rely on this message as advice unless it has been
electronically signed by a Partner of BDO or it is subsequently
confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.



Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.