Dailydave mailing list archives

Re: ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007


From: Dave Aitel <dave () immunitysec com>
Date: Wed, 11 Feb 2004 12:15:44 -0500

I would assume that like all public announcements, it will impede people with (former) 0day from hacking into systems. My position has always been that using public exploits is for QA and "pen-testers" and that hackers focus primarily on 0day. A good foreign intel service (or hacker group, for that matter) probably penetrated Microsoft long ago, and doesn't need any exploits.

To expand on this, I would say that:

HUMINT (bribing (or being) Microsoft janitors to get you access)
SIGINT (hacking using that trusted access to gain further access to cvs trees internally to plant the backdoor)
Denial and Deception (used as a feedback loop and to protect from a strategic threat - Russia had no need for MS source, but having it officially closed a few holes in their cover, no doubt)

are a strategic triad, much the way subs, planes, and ground based weapons are. Traditional hackers can cover only one of these (to truly deceive your enemy, you have to KNOW your enemy and few hackers can claim to do that).

Of course, the risk to DoD systems has probably just gone up from intelligence systems in smaller European and Asian countries who haven't got a top-notch vulnerability research team (or connections to one) and who haven't penetrated MS, but who will quickly capitalize on public information. I'm sure there's generals out there having nightmares of a turned private with a souped-up copy of something CANVAS-like wandering their networks. My bet is that this sort of threat is 5 years off though. My take on when a medium-strength group (intel or otherwise) would have had this information is from the date that eEye reported it to Microsoft, not from public release. I'd be certain that all the internal MS mailing lists on security (and access to bugcheck, etc) leak all over the place.

This is all just gut-feel and a subscription to stratfor.biz and the economist though.

-dave


Bradley, Terry (CONTR) wrote:

Dave,

Do you think the public announcement of the latest Microsoft vulnerability (http://microsoft.com/technet/security/bulletin/MS04-007.asp) will prove to be a boon to foreign intelligence services seeking to hack into DoD systems? Enquiring minds want to know.

;)

tb

------------------------------------------------------------------------

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

