Re: [ga] This Forum virus hits form one subscriber - Causes...

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Don and all former DNSO GA members or other interested stakeholders/users,

 Sorry your incorrect here.  The proof has already been posted and
also known to a number of ISP's as has also already been posted.

  So again like I said, I await Leah's service.  And as I also said
to John Palmer, I also await his service as well.  I am more than
willing to transact said threats in a court of law any time...

Don Brown wrote:

> No, Jeff.  Leah challenged you to the same standard of either put up or shut
> up.
>
> The burden of proof is on you, Jeff, as the accuser/plaintiff, but you
> know that since you have a law degree, right? So, why don't you
> conduct yourself to the same common standard as an ethical officer of
> the court and show us the evidence?  After all, the district attorney
> is all powerful with the Grand Jury, so you should be in 'fat cat'
> city.
>
> Since you have no evidence, then Leah is acquitted.  So, just leave
> her alone and redirect your delusions somewhere else.
>
> I also challenge you, myself, again. Show me the evidence. If it is
> real, then you can forget everything I said above. I will be on your
> side and against Leah. However, until you do that, just knock it off.
> It smells foul and you are the only person who can fix it . . . .
>
> Thanks,
>
> Monday, May 17, 2004, 9:12:47 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
> JW> Don and all former DNSO GA members or other interested stakeholders/users,
>
> JW>  Thanks anyway Don, but I have already done what you suggest below.
> JW> And Leah also did most of the work for us all...  Hence your suggestion
> JW> is irrelevant...
>
> JW> Don Brown wrote:
>
> >> See below --
> >>
> >> Monday, May 17, 2004, 4:21:26 AM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
> >> JW> Leah and all former DNSO GA members or other interested stakeholders/users,
> >>
> >> JW>   Oh? Well than why did you twice inform us all that you did? Oh yes
> >> JW> and BTW I did not say you were using Norton Firewall..   And
> >> JW> BTW as well the info I provided included  "Symantec Norton AntiSpam
> >> JW> 2004"
> >> Send us the links to the archives of Leah's posts, in which she
> >> says she is running that firewall.
> >>
> >> JW>   So, why was it that your Email address was several times carrying
> >> JW> a attached file that contained a virus, even after it was several times
> >> JW> pointed out your Email address, and not spoofed as you claimed, was
> >> JW> still sending out a virus in an attached file?
> >> Provide the complete headers of those e-mails which conclusively prove
> >> the e-mail actually came from her and was not forged/spoofed.
> >>
> >> JW>   Now I can believe that VERY recently you  have changed or added
> >> JW> additional virus protect software as you state below...  But that's after
> >> JW> some time after the fact Leah...  Too much time after the fact...
> >>
> >> JW>   The proof as you well know Leah is in the archives.  I have no
> >> JW> problem what so ever providing that proof in a court of proper
> >> JW> jurisdiction ANY TIME!  I await your service...
> >> Just provide the evidence here. You'll need to provide the complete
> >> e-mail headers.
> >>
> >> I you can't or won't substantiate your position here, with the hard
> >> evidence, then just leave her alone.  IOW, put up or shut up.
> >>
> >> Thanks,
> >>
> >> JW> Leah G wrote:
> >>
> >> >> Can it Jeff.  I don't use Norton Firewall or Norton Internet Security.
> >> >> I use Norton AV, Trend Micro online and others for virus scanning.  My
> >> >> firewall is a double - Zone Alarm Pro and a linux firewall.  In
> >> >> addition, I keep track of vulnerabilities in all software I use and
> >> >> update regularly.  I'm probably in the minority in terms of keeping up
> >> >> with security alerts.  Most people do not.
> >> >>
> >> >> I'm really sick of this, Jeff.  Some infected machine has my email
> >> >> address and it is being spoofed.  If you can't check headers and realize
> >> >> that, I'm sorry, but continuing to insist that I have an infected
> >> >> machine or that my machine is the source of the viruses sent to this
> >> >> list is something you need to RETRACT unless you can prove it - and you
> >> >> can't because it is untrue.  Now I'm angry.
> >> >>
> >> >> Leah
> >> >>
> >> >> Jeff Williams wrote:
> >> >>
> >> >> > All former DNSO GA members or other interested stakeholders/users,
> >> >> >
> >> >> >   Lately or recently this forum has been hit by Leah's Email address
> >> >> > containing viruses.  The cause seems to be from the following,
> >> >> > given Leah's several self proclaimed use of Norton.
> >> >> > See ( fixes now avalible, below.  Note: switch to some other
> >> >> > vendors virus ware Leah )
> >> >> >
> >> >> > ======================
> >> >> >
> >> >> >  HIGH: Symantec Firewall Products Multiple Vulnerabilities
> >> >> > Affected:
> >> >> > Symantec Norton Internet Security 2002
> >> >> > Symantec Norton Internet Security 2003
> >> >> > Symantec Norton Internet Security 2004
> >> >> > Symantec Norton Internet Security Professional 2002
> >> >> > Symantec Norton Internet Security Professional 2003
> >> >> > Symantec Norton Internet Security Professional 2004
> >> >> > Symantec Norton Personal Firewall 2002
> >> >> > Symantec Norton Personal Firewall 2003
> >> >> > Symantec Norton Personal Firewall 2004
> >> >> > Symantec Client Firewall 5.01, 5.1.1
> >> >> > Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1)
> >> >> > Symantec Norton AntiSpam 2004
> >> >> >
> >> >> > Description: Symantec firewall products, used by both enterprises and
> >> >> > home users, contain the following vulnerabilities in the "SYMDNS.SYS"
> >> >> > module. This module validates the DNS and NetBIOS name service
> >> >> > responses before allowing them to pass through the firewall.
> >> >> >
> >> >> > (1) The module contains a stack-based buffer overflow that can be
> >> >> > triggered by a DNS response with an overlong "CNAME" field. The
> >> >> > overflow can be exploited to execute arbitrary code with the
> >> >> > "KERNEL" privileges.
> >> >> >
> >> >> > Note that the firewall processes all DNS response packets i.e. any UDP
> >> >> > packet with source port 53. Hence, the flaw lends itself to easy
> >> >> > exploitation via spoofed UDP packets.
> >> >> >
> >> >> > (2) The module contains another stack-based buffer overflow that can be
> >> >> > triggered by a specially crafted NetBIOS response with an overlong
> >> >> > NetBIOS name. The overflow can be exploited to execute arbitrary code
> >> >> > with the "KERNEL" privileges. Note that if the client allows Windows
> >> >> > file sharing, the NetBIOS name service port 137/udp is open.
> >> >> >
> >> >> > (3) The module contains a heap-based buffer overflow that can be
> >> >> > triggered by a crafted NetBIOS response. The problem arises when the
> >> >> > NetBIOS response does not contain the "Type", "Class", "Time-to-Live"
> >> >> > and "Data Length" fields in a "Resource Record". The heap-based
> >> >> > overflow can be leveraged to execute arbitrary code with "KERNEL"
> >> >> > privileges, but is believed to be difficult to exploit reliably.
> >> >> >
> >> >> > (4) The module contains a denial-of-service vulnerability. The problem
> >> >> > arises because a malicious domain name, constructed by using the DNS
> >> >> > "compressed name pointer", can cause the decoding routine to enter an
> >> >> > "infinite" loop. A hard reboot is required to restore the system to
> >> >> > normalcy. The technical details required to exploit all the
> >> >> > vulnerabilities have been posted.
> >> >> >
> >> >> > Status: Symantec has confirmed the flaws; updates available. Clients
> >> >> > are advised to use the "LiveUpdate" feature to get the latest fixes.
> >> >> >
> >> >> > Council Site Actions:  Three of the reporting council sites are using
> >> >> > the affected product.  One site has already patched their systems via
> >> >> > the LiveUpdate Feature.  Another site has only notified their sysadmins
> >> >> > and has not yet planned how to remediate. They are expecting a major
> >> >> > effort since they were hit hard by the recent BlackIce attack.  The
> >> >> > third site has a large number of Symantec users; however they do not
> >> >> > officially support the software and do not plan any action at this time.
> >> >> >
> >> >> > They said that if there is an exploit released in the wild, they will
> >> >> > inform the end users who have signed up for general security
> >> >> > notifications.
> >> >> >
> >> >> > References:
> >> >> > eEye Advisories
> >> >> >
> >> http://www.eeye.com/html/Research/Advisories/AD20040512D.html (DNS
> >> >> > Overflow)
> >> >> >
> >> http://www.eeye.com/html/Research/Advisories/AD20040512A.html
> >> (NetBIOS
> >> >> > Stack Overflow)
> >> >> >
> >> http://www.eeye.com/html/Research/Advisories/AD20040512C.html
> >> (NetBIOS
> >> >> > Heap Overflow)
> >> >> >
> >> http://www.eeye.com/html/Research/Advisories/AD20040512B.html (DNS
> >> DoS)
> >> >> > Symantec Advisory
> >> >> >
> >> >>
> >> http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
> >> >> >
> >> >> > DNS DoS Exploit
> >> >> >
> >> http://archives.neohapsis.com/archives/bugtraq/2004-05/0131.html
> >> >> > SecurityFocus BID
> >> >> > http://www.securityfocus.com/bid/10333
> >> >> > http://www.securityfocus.com/bid/10334
> >> >> > http://www.securityfocus.com/bid/10335
> >> >> > http://www.securityfocus.com/bid/10336
> >> >> >
> >> ****************************************************************
> >> >> >
> >> >> > Regards,
> >> >> >
> >> >> > --
> >> >> > Jeffrey A. Williams
> >> >> > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> >> >> > "Be precise in the use of words and expect precision from others" -
> >> >> >     Pierre Abelard
> >> >> >
> >> >> > "If the probability be called P; the injury, L; and the burden, B;
> >> >> > liability depends upon whether B is less than L multiplied by
> >> >> > P: i.e., whether B is less than PL."
> >> >> > United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> >> >> >
> >> ===============================================================
> >> >> > Updated 1/26/04
> >> >> > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
> >> >> > IDNS. div. of Information Network Eng.  INEG. INC.
> >> >> > E-Mail jwkckid1@xxxxxxxxxxxxx
> >> >> >  Registered Email addr with the USPS
> >> >> > Contact Number: 214-244-4827
> >> >> >
> >> >> >
> >> >>
> >> >> --
> >> >> Leah G.
> >> >> http://forums.delphiforums.com/atlargeorg
> >> >> http://forums.delphiforums.com/domainwatch
> >>
> >> JW> Regards,
> >>
> >> JW> --
> >> JW> Jeffrey A. Williams
> >> JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> >> JW> "Be precise in the use of words and expect precision from others" -
> >> JW>     Pierre Abelard
> >>
> >> JW> "If the probability be called P; the injury, L; and the burden, B;
> >> JW> liability depends upon whether B is less than L multiplied by
> >> JW> P: i.e., whether B is less than PL."
> >> JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> >> JW> ===============================================================
> >> JW> Updated 1/26/04
> >> JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
> >> JW> IDNS. div. of Information Network Eng.  INEG. INC.
> >> JW> E-Mail jwkckid1@xxxxxxxxxxxxx
> >> JW>  Registered Email addr with the USPS
> >> JW> Contact Number: 214-244-4827
> >>
> >> ----
> >> Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
> >> donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
> >> (972) 788-2364                    Fax: (972) 788-5049
> >> ----
>
> JW> Regards,
>
> JW> --
> JW> Jeffrey A. Williams
> JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> JW> "Be precise in the use of words and expect precision from others" -
> JW>     Pierre Abelard
>
> JW> "If the probability be called P; the injury, L; and the burden, B;
> JW> liability depends upon whether B is less than L multiplied by
> JW> P: i.e., whether B is less than PL."
> JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> JW> ===============================================================
> JW> Updated 1/26/04
> JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
> JW> IDNS. div. of Information Network Eng.  INEG. INC.
> JW> E-Mail jwkckid1@xxxxxxxxxxxxx
> JW>  Registered Email addr with the USPS
> JW> Contact Number: 214-244-4827
>
> ----
> Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
> donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
> (972) 788-2364                    Fax: (972) 788-5049
> ----

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
    Pierre Abelard

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827