Full Disclosure mailing list archives
::SPAM:: Re[2]: ASN.1 telephony critical infrastructure warning - VOIP
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 18 Feb 2004 10:58:07 +0300
Spam detection software, running on the system "cw-1.crocker.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Florian Weimer, It's different thing. Any infrastructure based on Windows is under risk. But it's not because VoIP uses ASN.1. --Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 3APA3A () SECURITY NNOV RU: [...] Content analysis details: (6.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.9 FROM_NO_LOWER 'From' has no lower-case characters 0.3 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters 1.5 BODY_8BITS BODY: Body includes 8 consecutive 8-bit characters 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date 0.8 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer
--- Begin Message --- From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 18 Feb 2004 10:58:07 +0300
Dear Florian Weimer, It's different thing. Any infrastructure based on Windows is under risk. But it's not because VoIP uses ASN.1. --Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 3APA3A () SECURITY NNOV RU: FW> 3APA3A wrote:ASN.1 is used by many services, but all use different underlying protocols. It's not likely NetMeeting or MS ISA server to be primary attack targets. Attack against MS IPSec implementation, Exchange, SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP infrastructure (except connectivity degradation because of massive traffic).FW> I wish your assessment were true, but it's not. Cisco Call Manager is FW> based on Windows, and Cisco still has to certify the patches Microsoft FW> released. FW> It's sad that Microsoft apparently hasn't used those six months to FW> properly coordinate the issue with OEM vendors. -- ~/ZARAZA Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен)
--- End Message ---
Current thread:
- ::SPAM:: Re[2]: ASN.1 telephony critical infrastructure warning - VOIP 3APA3A (Mar 14)