funsec mailing list archives
CYBER-PMESII COMMANDER'S ANALYSIS (fwd)
From: Valdis.Kletnieks () vt edu
Date: Wed, 09 Dec 2009 13:29:39 -0500
Somehow, I doubt the payload here is in fact from NSA, nor covered by any DOD restrictions. Have at it, forensics junkies. ;) And thank you Fedora Rawhide for breaking GnuPG on me. ;)
--- Begin Message ---
From apache () newsocketworks virtual vps-host net Wed Dec 9 12:53:08 2009
Return-Path: <apache () newsocketworks virtual vps-host net>
Received: from turing-police.cc.vt.edu (localhost [IPv6:::1])
    by turing-police.cc.vt.edu (8.14.3/8.14.3) with ESMTP id nB9Hr8AK010357
    for <valdis () turing-police cc vt edu>; Wed, 9 Dec 2009 12:53:08 -0500
MIME-version: 1.0
Content-transfer-encoding: 8BIT
Content-type: TEXT/PLAIN
Received: from imap.vt.edu [198.82.183.77]
    by turing-police.cc.vt.edu with IMAP (fetchmail-6.3.13)
    for <valdis () turing-police cc vt edu> (single-drop); Wed, 09 Dec 2009 12:53:08 -0500 (EST)
Received: from rikku.cc.vt.edu ([198.82.161.187])
    by ems1.cc.vt.edu (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit))
    with ESMTP id <0KUE00KNHC6YV3A0 () ems1 cc vt edu> for valdis () vt edu;
    Wed, 09 Dec 2009 12:49:58 -0500 (EST)
Original-recipient: rfc822;valdis () vt edu
Received: from localhost (localhost [127.0.0.1])
    by rikku.cc.vt.edu (MOS 3.10.8-GA) id HOZ18700;
    Wed, 09 Dec 2009 12:49:57 -0500 (EST)
Received: from steiner.cc.vt.edu (steiner.cc.vt.edu [198.82.163.51])
    by rikku.cc.vt.edu (MOS 3.10.8-GA) with ESMTP id HOZ18674;
    Wed, 09 Dec 2009 12:49:53 -0500 (EST)
Received: from slfc.virtual.vps-host.net (EHLO newsocketworks.virtual.vps-host.net) ([216.154.216.196])
    by steiner.cc.vt.edu (MOS 4.1.8-GA FastPath queued) with ESMTP id DRT98136;
    Wed, 09 Dec 2009 12:49:52 -0500 (EST)
Received-SPF: pass (newsocketworks.virtual.vps-host.net: domain of apache () newsocketworks virtual vps-host net designates 127.0.0.1 as permitted sender)
    receiver=newsocketworks.virtual.vps-host.net; client-ip=127.0.0.1;
    helo=newsocketworks.virtual.vps-host.net;
    envelope-from=apache () newsocketworks virtual vps-host net;
    x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
Received: from newsocketworks.virtual.vps-host.net (localhost.localdomain [127.0.0.1])
    by newsocketworks.virtual.vps-host.net (8.13.8/8.13.8) with ESMTP id nB9HnpvK015990
    for <valdis.kletnieks () vt edu>; Wed, 09 Dec 2009 12:49:51 -0500
Received: (from apache@localhost)
    by newsocketworks.virtual.vps-host.net (8.13.8/8.13.8/Submit) id nB9Hnpk9015989;
    Wed, 09 Dec 2009 12:49:51 -0500
Date: Wed, 09 Dec 2009 12:49:51 -0500
Message-id: <200912091749.nB9Hnpk9015989 () newsocketworks virtual vps-host net>
To: valdis.kletnieks () vt edu
Subject: CYBER-PMESII =?UNKNOWN?Q?COMMANDER=E2S?= ANALYSIS
From: sonsi () nsa gov
X-Mirapoint-Received-SPF: 216.154.216.196 newsocketworks.virtual.vps-host.net apache () newsocketworks virtual vps-host net 4 softfail
X-Mirapoint-IP-Reputation: reputation=Fair-1, source=Queried, refid=0001.0A020301.4B1FE33F.01A8, actions=DELAY SPF TAG
X-Junkmail-Info: (45) SPF_HELO_SOFTFAIL,SUBJECT_NEEDS_ENCODING,SUBJ_ALL_CAPS
X-Junkmail-Status: score=45/50, host=steiner.cc.vt.edu
X-Junkmail-SD-Raw: score=unknown, refid=str=0001.0A020205.4B1FE341.00D3:SCGSTAT602704,ss=1,fgs=0, ip=216.154.216.196, so=2009-09-22 00:05:22, dmn=2009-09-10 00:05:08, mode=multiengine
X-Junkmail-IWF: false
X-Mirapoint-Loop-Id: 763ff37a0e5c69fe40c175a6112b0e14

AFRL-RI-RS-TR-2009-136
Final Technical Report
December 2009

CYBER-PMESII COMMANDERÂS ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)

INFORMATION SUBJECT TO EXPORT CONTROL LAWS

WARNING - This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal penalties. Disseminate IAW DoDD 5230.25.

DESTRUCTION NOTICE - For classified documents, follow the procedures in DOD 5220.22-M, National Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program, Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of contents or reconstruction of the document.

Export of the attached information (which includes, in some circumstances, release to foreign nationals within the United States) without first obtaining approval or license from the Department of State for items controlled by the International Traffic in Arms Regulation (ITAR), or the Department of Commerce for items controlled by the Export Administration Regulation (EAR), may constitute a violation of law.

Download:
http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
or
http://rapidshare.com/files/318309046/CYBERCAFE.zip.html
http://www.sendspace.com/file/fmbt01
--- End Message ---
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.