hacking security forum

[Full-Disclosure] Re: ASN.1 telephony critical infrastructure warning - VOIP

From: Michael H. Warfield <mhw@wittsend.com>
Date: Tue Feb 17 2004 - 21:29:38 EST

On Tue, Feb 17, 2004 at 05:37:53PM +0200, Gadi Evron wrote:
> I apologize, but I am using these mailing lists to try and contact the
> different */CERT teams for different countries.

        Then contact FIRST.

        Forum of Incident Reaction Security Teams.

        <http://www.first.org>

        Many, if not most, CERTs are members.

> As we all know, ASN.1 is a new very easy to exploit vulnerability. It
> attacks both the server and the end user (IIS and IE).

> We expect a new massive worm to come out exploiting this vulnerability
> in the next few days.

        This I seriously doubt. We have no indicators leading in that
direction.

> Why should this all interest you beyond it being the next blaster?

> ASN is what VOIP is based on, and thus the critical infrastructure for
> telephony which is based on VOIP.

        No. ASN.1 (not ASN) may be used in VoIP, but it's not what it's
"based on". I won't rehash what other have refuted, here. If it's
possible, it's likely we'll see other indicators pointing in that
direction.

> This may be a false alarm, but you know how worms find their way into
> every network, private or public. It could (maybe) potentially bring the
> system down.

> I am raising the red flag, better safe than sorry.

        Better to be informed than alarmist.

> The two email messages below are from Zak Dechovich and myself on this
> subject, to TH-Research (The Trojan Horses Research Mailing List). The
> original red flag as you can see below, was raised by Zak. Skip to his
> message if you like.

> Gadi Evron.

        :

        Mike 

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  • application/pgp-signature attachment: stored
Received on Tue Feb 17 22:17:12 2004

This archive was generated by hypermail 2.1.8 : Tue Feb 17 2004 - 23:01:02 EST

Custom Search