Full Disclosure mailing list archives
[Full-Disclosure] RE: Full-disclosure digest, Vol 1 #649 - 5 msgs
From: "Hillier, Paul" <Paul.Hillier () landg com>
Date: Wed, 12 Mar 2003 09:45:25 -0000
Firewall disablers

http://cryptome.org/dirty-antisec.htm

AntiSecTM is an Anti-Firewall application
AntiSecTM searches for all known firewalls
AntiSecTM kills the running process
AntiSecTM replaces the running icon seamlessly
AntiSecTM allows stealth FTP connection
AntiSecTM effectively kills target's security

[Firewall icons shown:]
Boshield.ico
Esafe.ico
cyberwall.ico
Atguard1.ico
Blackice.ico
zonealarm.ico
lockdown2000.ico
neverhack.ico
Jammer1.ico
eTrust Intrusion Detection.ico

http://cryptome.org/dirty-antisec.zip
courtesy of www.whitetigersecurity.com

-----Original Message-----
From: full-disclosure-request () lists netsys com [mailto:full-disclosure-request () lists netsys com]
Sent: 11 March 2003 17:00
To: full-disclosure () lists netsys com
Subject: Full-disclosure digest, Vol 1 #649 - 5 msgs

Today's Topics:

1. Re: Bypassing Black Ice PC protection? (Darwin)
2. Re: Bypassing Black Ice PC protection? (Curt Wilson)
3. Problem installing Linksys network card with Suse Linux 7.2 (it misc)
4. Problem installing Linksys network card with Suse Linux 7.2 (it misc)
5. RE: Security Certifications (Curt Purdy)

--__--__--

Message: 1
From: "Darwin" <darwin () netmadeira com>
To: <netw3_security () hushmail com>, <incidents () securityfocus com>
Cc: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Bypassing Black Ice PC protection?
Date: Tue, 11 Mar 2003 01:19:41 -0000

----- Original Message -----
From: "Curt Wilson" <netw3_security () hushmail com>
Recently seen: what appears to be an attacker bypassing Black Ice PC
protection through unknown methods.

Check this article:
http://security-archive.merton.ox.ac.uk/bugtraq-200302/0268.html

It describes a way to bypass personal firewalls.

Cheers,
Paulo

--__--__--

Message: 2
Date: Mon, 10 Mar 2003 19:58:05 -0800
To: incidents () securityfocus com, darwin () netmadeira com
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Bypassing Black Ice PC protection?
From: "Curt Wilson" <netw3_security () hushmail com>
Reply-To: netw3_security () hushmail com

This e-mail (and any attachments) may contain privileged and/or confidential information. If you are not the intended recipient please do not disclose, copy, distribute, disseminate or take any action in reliance on it. If you have received this message in error please reply and tell us and then delete it. Should you wish to communicate with us by e-mail we cannot guarantee the security of any data outside our own computer systems. For the protection of Legal & General's systems and staff, incoming emails will be automatically scanned. Any information contained in this message may be subject to applicable terms and conditions and must not be construed as giving investment advice within or outside the United Kingdom. Representative only of the Legal & General marketing group, members of which are regulated by the Financial Services Authority for the purposes of advising on life assurance and investment products bearing Legal & General's name. Legal & General Group PLC, Temple Court, 11 Queen Victoria Street, London, EC4N 4TP. Registered in England no: 166055.

-----BEGIN PGP SIGNED MESSAGE-----

Paulo + everyone,

the techniques mentioned in that bugtraq message mentioned here are applicable from WITHIN the host protected by a personal firewall, so if a malicious applet or some other malware took control of the system from a local administrator for instance, the firewall could be easily bypassed from that side. This is not what I'm seeing.
What I've seen is an Internet based attacker getting TCP SYN packets through Black Ice PC Protection, reaching an application (FTP server). If the IP was blocked at the system's 'edge', then the FTP server log should not have shown any such IP address entry, because as far as the FTP server *should* know, there was no connection attempt. The attacker did not actually start a session with the FTP server due to IP based access control within the server itself. Still, seeing Black Ice be 'melted' as a friend said, is troubling. I've double-checked the firewall rules and there is nothing that specifies that this IP should be allowed through.

Since the attacker, or the attacker's script more likely, was rejected by the FTP application, I don't know how likely it is that this specific attacker will come back so I can capture his methods in more detail. I'll be working on reproducing this behavior myself, but if anyone has additional info please drop me a line. If I can reproduce then I'll talk to ISS.

On Mon, 10 Mar 2003 17:19:41 -0800 Darwin <darwin () netmadeira com> wrote:
----- Original Message -----
From: "Curt Wilson" <netw3_security () hushmail com>

Recently seen: what appears to be an attacker bypassing Black Ice PC
protection through unknown methods.

Check this article:
http://security-archive.merton.ox.ac.uk/bugtraq-200302/0268.html

It describes a way to bypass personal firewalls.

Cheers,
Paulo
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wmMEARECACMFAj5tXf8cHG5ldHczX3NlY3VyaXR5QGh1c2htYWlsLmNvbQAKCRBGd/Yw
aRH3K0ymAJwNzbMhGMbrjHWj7DtyANnTbMHsyQCdEm3afn5aJ+LJ+DYFswwpu28I7Hg=
=X9zB
-----END PGP SIGNATURE-----

--__--__--

Message: 3
Date: Mon, 10 Mar 2003 22:25:34 -0800 (PST)
From: it misc <itmisc () yahoo com>
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Problem installing Linksys network card with Suse Linux 7.2

Hi:

I am trying to configure my Linksys network card to work with Suse Linux 7.2.

I downloaded the latest tulip.c from ftp://ftp.scyld.com/pub/network/tulip.c. I put it into directory /usr/src/linux/drivers/net. As I recompile the Kernel, I ran into errors.

System Information: Pentium II 412MHz, 224MB RAM, 10GB Western Digital hard drive.

If anyone ran into a similar problem and was able to fix it, please help me out.

Thank you very much for your help.

Henry Tran

--__--__--

Message: 4
Date: Mon, 10 Mar 2003 22:51:43 -0800 (PST)
From: it misc <itmisc () yahoo com>
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Problem installing Linksys network card with Suse Linux 7.2

Hi:

I am trying to configure my Linksys network card to work with Suse Linux 7.2.

I downloaded the latest tulip.c from ftp://ftp.scyld.com/pub/network/tulip.c. I put it into directory /usr/src/linux/drivers/net. As I recompile the Kernel, I ran into errors.

Network card Info: EtherFast 10/100 LAN Card, LNE100TX Version 4.0

System Info: Pentium II 412MHz, 224MB RAM, 10GB Western Digital hard drive.

I appreciate any help.

Thank you very much.

Henry Tran

--__--__--

Message: 5
From: "Curt Purdy" <purdy () tecman com>
To: "'B3r3n'" <B3r3n () argosnet com>, "'hellNbak'" <hellnbak () nmrc org>, "'Ron DuFresne'" <dufresne () winternet com>
Cc: "'Rizwan Ali Khan'" <rizwanalikhan74 () yahoo com>, <full-disclosure () lists netsys com>, <security-basics () securityfocus com>, <certification () securityfocus com>
Subject: RE: [Full-disclosure] Security Certifications
Date: Tue, 11 Mar 2003 06:33:06 -0600

hilarious. cept the fee is $450, not $2k.

Curt Purdy CISSP, MCSE+I, CNE, CCDA
Senior Systems Engineer
Information Security Engineer
DP Solutions

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of B3r3n
Sent: Friday, March 07, 2003 1:01 PM
To: hellNbak; Ron DuFresne
Cc: Rizwan Ali Khan; full-disclosure () lists netsys com; security-basics () securityfocus com; certification () securityfocus com
Subject: Re: [Full-disclosure] Security Certifications

Guys,

Never read the CISSP trojan? Nice no?

_________________________________________

Security Advisory MA-2003-01

CISSP - Trojan Security Certification

Original Release Date: Thursday January 16, 2003
Last Revised: --
Source: --

Systems Affected

o Information Security Community
o Information Technology Employers
o Information Security Consultants

Overview

It has recently been identified that The International Information Systems Security Certification Consortium (CISSP) has developed and released a potentially destructive trojan application, which masquerades as a valid standard for professional certification in the field of information security.

I. Description

Delivered in the benign form of a six hour examination, the CISSP prompts target user with a series of 250 questions regarding the following topics:

o Access Control Systems & Methodology
o Applications & Systems Development
o Business Continuity Planning
o Cryptography
o Law, Investigation & Ethics
o Operations Security
o Physical Security
o Security Architecture & Models
o Security Management Practices
o Telecommunications, Network & Internet Security

This rather large payload, commonly referred to as the Common Body of Knowledge (CBK), may cause a Denial of Service situation, leaving the target overwhelmed and unable to respond to further requests during the duration of the attack.

If the target handles the Denial of Service attack appropriately, and is unaffected, the CISSP trojan discontinues this attack, and self-mutates into a certification of added IS credibility. If accepted by the target, this certification begins to cause the following symptoms:

o Increase in self-confidence
o Increase in salary requirements
o False sense of accomplishment
o False sense of self-improvement

Despite the symptoms, the target experiences no real benefit whatsoever. The affected target then is made to transfer funds in excess of $2,000 (US) to a remote bank account owned by ISC2.

Finally, the affected target promotes itself to a "Certified Information Security Expert" sans authentication. The affected target may then infect others, eventually creating a massive army of unskilled, prefabricated, shrink-wrapped, not for resale, half-assed security engineers, consultants, and "research scientists".

II. Impact

An abundance of sub-par information security engineers, consultants, and "research scientists". A negative impact on the economy, specifically within the Information Technology sector.

III. Solution

Avoid any certifications issued by ISC2 until a patch is distributed. Obtain information security related certifications from valid sources.
Employers are encouraged to recognize the CISSP as a trojan certification.

Appendix A - Vendor Information

International Information Security Certification Consortium, Inc.

(ISC)2 is the premier organization dedicated to providing information security professionals and practitioners worldwide with the standard for professional certification.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--__--__--

_______________________________________________
Full-Disclosure mailing list
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure

End of Full-Disclosure Digest