Full Disclosure mailing list archives
Re: kaspersky-labs webserver or listserver compromised?
From: Ka <ka () khidr net>
Date: Fri, 8 Nov 2002 11:45:21 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At Freitag, 8. November 2002 08:56 Andreas Tirok wrote:
Ka <ka () khidr net> wrote:Here are the headers: - ------------------------- BEGIN HEADERS ----------------------------- Received: from webserver2.kaspersky-labs.com (unknown [195.161.113.178]) by mail.vegaa.de (Postfix) with ESMTP id A9F37174019 for <zim () vegaa de>; Thu, 7 Nov 2002 22:51:28 +0100 (CET) Received: by webserver2.kaspersky-labs.com (Postfix) id 33AB920047; Fri, 8 Nov 2002 00:22:31 +0300 (MSK) Delivered-To: list-15 () webserver2 kaspersky-labs com Received: from webserver2.kaspersky-labs.com (unknown [148.235.6.199])... [Andreas Tirok] Isn't webserver2.kaspersky-labs.com
Hmmm. You certainly know how to call dig. But with which IP?
;; QUESTION SECTION:
;webserver2.kaspersky-labs.com. IN ANY
;; ANSWER SECTION:
webserver2.kaspersky-labs.com. 21600 IN A 195.161.113.178
;; AUTHORITY SECTION:
kaspersky-labs.com. 21600 IN NS ns1.kaspersky-labs.com.
kaspersky-labs.com. 21600 IN NS ns.glasnet.ru.
kaspersky-labs.com. 21600 IN NS ns.macomnet.ru.
Fact is: kaspersky-labs.com is:
a) sending viruses, which her own product could detect.
b) sending that with a return-adress which is an open
list-entry to one of their (supposedly closed) news-lists.
- From your email:
Received: ... Fri, 8 Nov 2002 08:56:03 +0100
From: Andreas Tirok <Andreas.Tirok () beusen de>
Too early - even before 9:00 am,
that's in the middle of the night.
Let me guess - coffee machine down at beusen.de?
Ka
- --
old vulnerability: And whoever exalts himself ...
in the wild: @ kaspersky-labs.com
vulnerable: human brain all versions
credit: Matthew 23, 12
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9y5XB72vu22ltWBERAtiaAJ9/DN9KRsICQlDQGT3pPSnOfMyoQQCfQ9Wi
ufOgh+dk+muHUauvhi4uD2o=
=O5Ia
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- kaspersky-labs webserver or listserver compromised? Ka (Nov 07)
- Re: kaspersky-labs webserver or listserver compromised? Andreas Tirok (Nov 08)
- Re: kaspersky-labs webserver or listserver com Nick FitzGerald (Nov 08)
- Re: kaspersky-labs webserver or listserver com Ka (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Ka (Nov 08)
- Re: kaspersky-labs webserver or listserver com Nick FitzGerald (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Brian McWilliams (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Ka (Nov 08)
- Kaspersky blames "massive attack" Brian McWilliams (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Ka (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Andreas Tirok (Nov 08)