Re: [ga] This Forum virus hits form one subscriber - Causes...

[Don Brown <donbrown_l@xxxxxxxxxxxxxxxx>]

Well, then post it here. What's the problem, unless, of course, it is
a figment of your imagination. Post the bonefide proof and I'll be
100% behind you. So, why not, Jeff, other than the lack of the
evidence. If that's it, then you make yourself out to be a fraud, a
fake and a legend in your own mind.

Redeem yourself and post the evidence or just shut up.

Thanks,


Monday, May 17, 2004, 10:02:18 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
JW> Don and all former DNSO GA members or other interested stakeholders/users,

JW>  Sorry your incorrect here.  The proof has already been posted and
JW> also known to a number of ISP's as has also already been posted.

JW>   So again like I said, I await Leah's service.  And as I also said
JW> to John Palmer, I also await his service as well.  I am more than
JW> willing to transact said threats in a court of law any time...

JW> Don Brown wrote:

>> No, Jeff.  Leah challenged you to the same standard of either put up or shut
>> up.
>>
>> The burden of proof is on you, Jeff, as the accuser/plaintiff, but you
>> know that since you have a law degree, right? So, why don't you
>> conduct yourself to the same common standard as an ethical officer of
>> the court and show us the evidence?  After all, the district attorney
>> is all powerful with the Grand Jury, so you should be in 'fat cat'
>> city.
>>
>> Since you have no evidence, then Leah is acquitted.  So, just leave
>> her alone and redirect your delusions somewhere else.
>>
>> I also challenge you, myself, again. Show me the evidence. If it is
>> real, then you can forget everything I said above. I will be on your
>> side and against Leah. However, until you do that, just knock it off.
>> It smells foul and you are the only person who can fix it . . . .
>>
>> Thanks,
>>
>> Monday, May 17, 2004, 9:12:47 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
>> JW> Don and all former DNSO GA members or other interested stakeholders/users,
>>
>> JW>  Thanks anyway Don, but I have already done what you suggest below.
>> JW> And Leah also did most of the work for us all...  Hence your suggestion
>> JW> is irrelevant...
>>
>> JW> Don Brown wrote:
>>
>> >> See below --
>> >>
>> >> Monday, May 17, 2004, 4:21:26 AM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
>> >> JW> Leah and all former DNSO GA members or other interested stakeholders/users,
>> >>
>> >> JW>   Oh? Well than why did you twice inform us all that you did? Oh yes
>> >> JW> and BTW I did not say you were using Norton Firewall..   And
>> >> JW> BTW as well the info I provided included  "Symantec Norton AntiSpam
>> >> JW> 2004"
>> >> Send us the links to the archives of Leah's posts, in which she
>> >> says she is running that firewall.
>> >>
>> >> JW>   So, why was it that your Email address was several times carrying
>> >> JW> a attached file that contained a virus, even after it was several times
>> >> JW> pointed out your Email address, and not spoofed as you claimed, was
>> >> JW> still sending out a virus in an attached file?
>> >> Provide the complete headers of those e-mails which conclusively prove
>> >> the e-mail actually came from her and was not forged/spoofed.
>> >>
>> >> JW>   Now I can believe that VERY recently you  have changed or added
>> >> JW> additional virus protect software as you state below...  But that's after
>> >> JW> some time after the fact Leah...  Too much time after the fact...
>> >>
>> >> JW>   The proof as you well know Leah is in the archives.  I have no
>> >> JW> problem what so ever providing that proof in a court of proper
>> >> JW> jurisdiction ANY TIME!  I await your service...
>> >> Just provide the evidence here. You'll need to provide the complete
>> >> e-mail headers.
>> >>
>> >> I you can't or won't substantiate your position here, with the hard
>> >> evidence, then just leave her alone.  IOW, put up or shut up.
>> >>
>> >> Thanks,
>> >>
>> >> JW> Leah G wrote:
>> >>
>> >> >> Can it Jeff.  I don't use Norton Firewall or Norton Internet Security.
>> >> >> I use Norton AV, Trend Micro online and others for virus scanning.  My
>> >> >> firewall is a double - Zone Alarm Pro and a linux firewall.  In
>> >> >> addition, I keep track of vulnerabilities in all software I use and
>> >> >> update regularly.  I'm probably in the minority in terms of keeping up
>> >> >> with security alerts.  Most people do not.
>> >> >>
>> >> >> I'm really sick of this, Jeff.  Some infected machine has my email
>> >> >> address and it is being spoofed.  If you can't check headers and realize
>> >> >> that, I'm sorry, but continuing to insist that I have an infected
>> >> >> machine or that my machine is the source of the viruses sent to this
>> >> >> list is something you need to RETRACT unless you can prove it - and you
>> >> >> can't because it is untrue.  Now I'm angry.
>> >> >>
>> >> >> Leah
>> >> >>
>> >> >> Jeff Williams wrote:
>> >> >>
>> >> >> > All former DNSO GA members or other interested stakeholders/users,
>> >> >> >
>> >> >> >   Lately or recently this forum has been hit by Leah's Email address
>> >> >> > containing viruses.  The cause seems to be from the following,
>> >> >> > given Leah's several self proclaimed use of Norton.
>> >> >> > See ( fixes now avalible, below.  Note: switch to some other
>> >> >> > vendors virus ware Leah )
>> >> >> >
>> >> >> > ======================
>> >> >> >
>> >> >> >  HIGH: Symantec Firewall Products Multiple Vulnerabilities
>> >> >> > Affected:
>> >> >> > Symantec Norton Internet Security 2002
>> >> >> > Symantec Norton Internet Security 2003
>> >> >> > Symantec Norton Internet Security 2004
>> >> >> > Symantec Norton Internet Security Professional 2002
>> >> >> > Symantec Norton Internet Security Professional 2003
>> >> >> > Symantec Norton Internet Security Professional 2004
>> >> >> > Symantec Norton Personal Firewall 2002
>> >> >> > Symantec Norton Personal Firewall 2003
>> >> >> > Symantec Norton Personal Firewall 2004
>> >> >> > Symantec Client Firewall 5.01, 5.1.1
>> >> >> > Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1)
>> >> >> > Symantec Norton AntiSpam 2004
>> >> >> >
>> >> >> > Description: Symantec firewall products, used by both enterprises and
>> >> >> > home users, contain the following vulnerabilities in the "SYMDNS.SYS"
>> >> >> > module. This module validates the DNS and NetBIOS name service
>> >> >> > responses before allowing them to pass through the firewall.
>> >> >> >
>> >> >> > (1) The module contains a stack-based buffer overflow that can be
>> >> >> > triggered by a DNS response with an overlong "CNAME" field. The
>> >> >> > overflow can be exploited to execute arbitrary code with the
>> >> >> > "KERNEL" privileges.
>> >> >> >
>> >> >> > Note that the firewall processes all DNS response packets i.e. any UDP
>> >> >> > packet with source port 53. Hence, the flaw lends itself to easy
>> >> >> > exploitation via spoofed UDP packets.
>> >> >> >
>> >> >> > (2) The module contains another stack-based buffer overflow that can be
>> >> >> > triggered by a specially crafted NetBIOS response with an overlong
>> >> >> > NetBIOS name. The overflow can be exploited to execute arbitrary code
>> >> >> > with the "KERNEL" privileges. Note that if the client allows Windows
>> >> >> > file sharing, the NetBIOS name service port 137/udp is open.
>> >> >> >
>> >> >> > (3) The module contains a heap-based buffer overflow that can be
>> >> >> > triggered by a crafted NetBIOS response. The problem arises when the
>> >> >> > NetBIOS response does not contain the "Type", "Class", "Time-to-Live"
>> >> >> > and "Data Length" fields in a "Resource Record". The heap-based
>> >> >> > overflow can be leveraged to execute arbitrary code with "KERNEL"
>> >> >> > privileges, but is believed to be difficult to exploit reliably.
>> >> >> >
>> >> >> > (4) The module contains a denial-of-service vulnerability. The problem
>> >> >> > arises because a malicious domain name, constructed by using the DNS
>> >> >> > "compressed name pointer", can cause the decoding routine to enter an
>> >> >> > "infinite" loop. A hard reboot is required to restore the system to
>> >> >> > normalcy. The technical details required to exploit all the
>> >> >> > vulnerabilities have been posted.
>> >> >> >
>> >> >> > Status: Symantec has confirmed the flaws; updates available. Clients
>> >> >> > are advised to use the "LiveUpdate" feature to get the latest fixes.
>> >> >> >
>> >> >> > Council Site Actions:  Three of the reporting council sites are using
>> >> >> > the affected product.  One site has already patched their systems via
>> >> >> > the LiveUpdate Feature.  Another site has only notified their sysadmins
>> >> >> > and has not yet planned how to remediate. They are expecting a major
>> >> >> > effort since they were hit hard by the recent BlackIce attack.  The
>> >> >> > third site has a large number of Symantec users; however they do not
>> >> >> > officially support the software and do not plan any action at this time.
>> >> >> >
>> >> >> > They said that if there is an exploit released in the wild, they will
>> >> >> > inform the end users who have signed up for general security
>> >> >> > notifications.
>> >> >> >
>> >> >> > References:
>> >> >> > eEye Advisories
>> >> >> >
>> >>
>> http://www.eeye.com/html/Research/Advisories/AD20040512D.html (DNS
>> >> >> > Overflow)
>> >> >> >
>> >> http://www.eeye.com/html/Research/Advisories/AD20040512A.html
>> >> (NetBIOS
>> >> >> > Stack Overflow)
>> >> >> >
>> >> http://www.eeye.com/html/Research/Advisories/AD20040512C.html
>> >> (NetBIOS
>> >> >> > Heap Overflow)
>> >> >> >
>> >>
>> http://www.eeye.com/html/Research/Advisories/AD20040512B.html (DNS
>> >> DoS)
>> >> >> > Symantec Advisory
>> >> >> >
>> >> >>
>> >>
>> http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
>> >> >> >
>> >> >> > DNS DoS Exploit
>> >> >> >
>> >> http://archives.neohapsis.com/archives/bugtraq/2004-05/0131.html
>> >> >> > SecurityFocus BID
>> >> >> > http://www.securityfocus.com/bid/10333
>> >> >> > http://www.securityfocus.com/bid/10334
>> >> >> > http://www.securityfocus.com/bid/10335
>> >> >> > http://www.securityfocus.com/bid/10336
>> >> >> >
>> >> ****************************************************************
>> >> >> >
>> >> >> > Regards,
>> >> >> >
>> >> >> > --
>> >> >> > Jeffrey A. Williams
>> >> >> > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> >> >> > "Be precise in the use of words and expect precision from others" -
>> >> >> >     Pierre Abelard
>> >> >> >
>> >> >> > "If the probability be called P; the injury, L; and the burden, B;
>> >> >> > liability depends upon whether B is less than L multiplied by
>> >> >> > P: i.e., whether B is less than PL."
>> >> >> > United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> >> >> >
>> >> ===============================================================
>> >> >> > Updated 1/26/04
>> >> >> > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> >> >> > IDNS. div. of Information Network Eng.  INEG. INC.
>> >> >> > E-Mail jwkckid1@xxxxxxxxxxxxx
>> >> >> >  Registered Email addr with the USPS
>> >> >> > Contact Number: 214-244-4827
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> --
>> >> >> Leah G.
>> >> >> http://forums.delphiforums.com/atlargeorg
>> >> >> http://forums.delphiforums.com/domainwatch
>> >>
>> >> JW> Regards,
>> >>
>> >> JW> --
>> >> JW> Jeffrey A. Williams
>> >> JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> >> JW> "Be precise in the use of words and expect precision from others" -
>> >> JW>     Pierre Abelard
>> >>
>> >> JW> "If the probability be called P; the injury, L; and the burden, B;
>> >> JW> liability depends upon whether B is less than L multiplied by
>> >> JW> P: i.e., whether B is less than PL."
>> >> JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> >> JW>
>> ===============================================================
>> >> JW> Updated 1/26/04
>> >> JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> >> JW> IDNS. div. of Information Network Eng.  INEG. INC.
>> >> JW> E-Mail jwkckid1@xxxxxxxxxxxxx
>> >> JW>  Registered Email addr with the USPS
>> >> JW> Contact Number: 214-244-4827
>> >>
>> >> ----
>> >> Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
>> >> donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
>> >> (972) 788-2364                    Fax: (972) 788-5049
>> >> ----
>>
>> JW> Regards,
>>
>> JW> --
>> JW> Jeffrey A. Williams
>> JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> JW> "Be precise in the use of words and expect precision from others" -
>> JW>     Pierre Abelard
>>
>> JW> "If the probability be called P; the injury, L; and the burden, B;
>> JW> liability depends upon whether B is less than L multiplied by
>> JW> P: i.e., whether B is less than PL."
>> JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> JW> ===============================================================
>> JW> Updated 1/26/04
>> JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> JW> IDNS. div. of Information Network Eng.  INEG. INC.
>> JW> E-Mail jwkckid1@xxxxxxxxxxxxx
>> JW>  Registered Email addr with the USPS
>> JW> Contact Number: 214-244-4827
>>
>> ----
>> Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
>> donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
>> (972) 788-2364                    Fax: (972) 788-5049
>> ----

JW> Regards,

JW> --
JW> Jeffrey A. Williams
JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
JW> "Be precise in the use of words and expect precision from others" -
JW>     Pierre Abelard

JW> "If the probability be called P; the injury, L; and the burden, B;
JW> liability depends upon whether B is less than L multiplied by
JW> P: i.e., whether B is less than PL."
JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
JW> ===============================================================
JW> Updated 1/26/04
JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
JW> IDNS. div. of Information Network Eng.  INEG. INC.
JW> E-Mail jwkckid1@xxxxxxxxxxxxx
JW>  Registered Email addr with the USPS
JW> Contact Number: 214-244-4827





----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
(972) 788-2364                    Fax: (972) 788-5049
----