Full Disclosure mailing list archives

[Full-Disclosure] Re: Contents of Full-disclosure digest

From: Valmont vbamont <valmont27 () yahoo com>
Date: Wed, 13 Aug 2003 16:57:45 -0700 (PDT)

micro$ have its group of software genius to do
junkware.. open source is free speech..  M$ is goin
down as people are getting more smarter each day and
he cant catch us all..



Today's Topics:

   1. Re: ISS Security Brief: "MS Blast" MSRPC DCOM
Worm Propagation (fwd) (Jeremiah Cornelius)
   2. Upcoming MS chat (John Sec)
   3. Re: smarter dcom worm (Jeremiah Cornelius)
   4. next blaster variant on its way (Brown, Bobby
(US - Hermitage))
   5. Microsoft MCWNDX.OCX ActiveX buffer overflow
(Tri Huynh)
   6. new msblaster on the loose? (David Vincent)
   7. RE: windowsupdate.com (Turk, Anthony)
   8. Re: windowsupdate.com (KF)
   9. Re[2]: [Full-Disclosure] MSBLASTER - aka
LOVESAN/POZA ? (Geysap)
  10. Re: Windows Dcom Worm Killer (r1an () hush ai)
  11. Cisco Security Advisory: CiscoWorks
Application Vulnerabilities (Cisco Systems Product
Security Incident Response Team)
  12. Denial of Service Vulnerability in NFS on IRIX
(SGI Security Coordinator)
  13. Re: new msblaster on the loose? (Person)
  14. Re: Microsoft MCWNDX.OCX ActiveX buffer
overflow (Thor Larholm)
  15. Administrivia: List Contact Changes (Len Rose)
  16. RE: smarter dcom worm (gml)
  17. RE: dobble-clicking msblast.exe (gml)
  18. RE: smarter dcom worm (gml)
  19. RE: recent RPC/DCOM worm thought (Kerry
Steele)
  20. OpenBSD protect windows update ? (D B)
  21. RE: ISS Security Brief: "MS Blast" MSRPC DCOM
Worm Propagation (fwd) (Joey)
  22. Re: [Dshield] new msblaster on the loose?
(John Sage)
  23. (forw) [f0x () squirrelsoup net: Re:
[Full-Disclosure] windowsupdate.com] (Gabe Arnold)
  24. Re: windowsupdate.com (Felipe Scuciatto dos
Santos)
  25. Firewalls (Geo.)
  26. Re: windowsupdate.com (Laurent LEVIER)
  27. Re: Vulnerability Disclosure Debate (Ben
Laurie)
  28. FW: [Full-Disclosure] smarter dcom worm
(Bassett, Mark)
  29. Re: Windows Dcom Worm Killer (w g)

--__--__--

Message: 1
From: Jeremiah Cornelius <jeremiah () nur net>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] ISS Security Brief:
"MS Blast" MSRPC DCOM Worm Propagation (fwd)
Date: Wed, 13 Aug 2003 09:06:25 -0700

<SNIP>

Just to pile on...

http://www.eweek.com/article2/0,3959,1200038,00.asp


"The federal government last week awarded a $90

million contract to

Microsoft Corp. to provide the Department of

Homeland Security with

desktop and server software."

Tax dollars at work...

<SNIP>

In the trainwreck clusterfrag against Jeffersonian
Democracy that is DHS, one 
can only be glad that they are stuck with M$
junkware.  I wouldn't want 
Stassi using good software either... 

-- 
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: jcorneli () hotmail com - mobile: 415.235.7689

"What would be the use of immortality to a person
who cannot use well a half 
hour?"
--Ralph Waldo Emerson


--__--__--

Message: 2
From: "John Sec" <john_sec_lists () hotmail com>
To: full-disclosure () lists netsys com
Date: Wed, 13 Aug 2003 16:32:57 +0000
Subject: [Full-disclosure] Upcoming MS chat

I thought some of you might want to participate in
this one:

August 18: Chat with a Microsoft executive about the
Blaster worm -
Discussion on Trustworthy Computing and security at
Microsoft with Security 
Business Unit Vice President Mike Nash. Come with
your questions on security 
products, initiatives and issues for Mike.

http://www.microsoft.com/technet/treeview/?url=/technet/itcommunity/chats/

_________________________________________________________________

Add photos to your e-mail with MSN 8. Get 2 months
FREE*.  
http://join.msn.com/?page=features/featuredemail


--__--__--

Message: 3
From: Jeremiah Cornelius <jeremiah () nur net>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] smarter dcom worm
Date: Wed, 13 Aug 2003 09:36:10 -0700

On Tuesday 12 August 2003 04:51 pm, Marc Maiffret
wrote:
<SNIP>

You are correct in that "this worm sucks" but I

think you could more

eloquently put it as "this is probably the biggest

pile of shit glued

together crap ass excuse for a worm" that I've

ever seen. >:-] That is NOT

to say it is not being affective and damaging

though. It is definitely a

bad one.

<SNIP>

Thanks for getting this out there, Marc!

I have been trying to indicate to victims in my
customer base that they should 
be glad that this first round is a bit of a hassle,
but maybe a blessing for 
them, because the worm is junk code - just short of
a dud.

Hey!  Free, unscheduled assessment!   

We will undoubtably see a transition to a more
robust transport and exploit 
code, coupled with a more threatening payload - like
the Code Red / Nimda 
transition in 2001.  I am afraid that the number of
vectors will go up, 
though.  All the port-blocks and ACLs that drop
Blaster will be conveniently 
avoided for the next wave here.  Anyone who
cherry-picked symptomatic 
approaches over a holistic application of depth
defenses are still going to 
be hit - and they'll wonder just how it could have
happened again!

-- 
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: jcorneli () hotmail com - mobile: 415.235.7689

"What would be the use of immortality to a person
who cannot use well a half 
hour?"
--Ralph Waldo Emerson


--__--__--

Message: 4
From: "Brown, Bobby (US - Hermitage)"
<bobbrown () deloitte com>
To: full-disclosure () lists netsys com
Date: Wed, 13 Aug 2003 11:04:31 -0500
Subject: [Full-disclosure] next blaster variant on
its

=== message truncated ===


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[Full-Disclosure] Re: Contents of Full-disclosure digest Valmont vbamont (Aug 13)