Re: [ga] This Forum virus hits form one subscriber - Causes...

[Don Brown <donbrown_l@xxxxxxxxxxxxxxxx>]

Oh, just stuff it, Jeff.  Saying that you proved it elsewhere doesn't make
the stretch here.  If you did, indeed, prove it elsewhere then it
won't be a big effort to send a copy here.

You made the accusation and the burden is on YOU to prove it, but you
haven't. Instead, you've played double-speak to circumvent the
evidence. That dog just doesn't hunt.

You make statements of truth, but are not willing to back them with
the facts.  Since you can't prove it, just stuff it.

I have no ill will, Jeff, I just grow weary of accusations without
supporting facts.  However, you can fix that and IF YOU DO, I will be
100% on your side.  So, I say, again, put up or shut up.  It is your
decision.

Thanks,

Monday, May 17, 2004, 10:21:33 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
JW> Don and all former DNSO GA members or other interested stakeholders/users,

JW>   Oh?  Well pray tell than why respond to any of my comments or
JW> remarks at all, Don?  Why would Leah? Why would Eric?

JW>   Now you incorrectness on several of your and Leah's comments
JW> or remarks may be a product of any number of several motivations.
JW> However give your, Leah's and John's tone of those remarks seem
JW> to be of some ill will in nature.  That is unfortunate and certainly
JW> not positive...  Yet my raising awareness and accurately as is
JW> well documented, which you either missed or not willing to
JW> research for yourself and as a reminder, is of your own doing,
JW> not mine...

JW> Don Brown wrote:

>> I was, however, concise and probably more accurate than the response,
>> IMHO. Good post, John.  Your not making a lot of points these days,
>> Jeff.
>>
>> Monday, May 17, 2004, 9:03:47 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
>> JW> John,
>>
>> JW>   I was born standing up and talking back John...  Sorry if that
>> JW> upsets you..  Live with it guy!  >;)  And I am sorry you feel
>> JW> a need to resort to foul language as well.  That indeed is a shame...:/
>>
>> JW> John Palmer wrote:
>>
>> >> Fuck you Jeff - tell me - were you born an asshole or did your mother
>> >> teach you how to be one?
>> >>
>> >> ----- Original Message -----
>> >> From: "Jeff Williams" <jwkckid1@xxxxxxxxxxxxx>
>> >> To: "Leah G" <jandl@xxxxxxxxx>
>> >> Cc: <ga@xxxxxxxxxxxxxx>
>> >> Sent: Monday, May 17, 2004 4:21 AM
>> >> Subject: Re: [ga] This Forum virus hits form one subscriber - Causes...
>> >>
>> >> > Leah and all former DNSO GA members or other interested stakeholders/users,
>> >> >
>> >> >   Oh? Well than why did you twice inform us all that you did? Oh yes
>> >> > and BTW I did not say you were using Norton Firewall..   And
>> >> > BTW as well the info I provided included  "Symantec Norton AntiSpam
>> >> > 2004"  So, why was it that your Email address was several times carrying
>> >> > a attached file that contained a virus, even after it was several times
>> >> > pointed out your Email address, and not spoofed as you claimed, was
>> >> > still sending out a virus in an attached file?
>> >> >
>> >> >   Now I can believe that VERY recently you  have changed or added
>> >> > additional virus protect software as you state below...  But that's after
>> >> > some time after the fact Leah...  Too much time after the fact...
>> >> >
>> >> >   The proof as you well know Leah is in the archives.  I have no
>> >> > problem what so ever providing that proof in a court of proper
>> >> > jurisdiction ANY TIME!  I await your service...
>> >> >
>> >> > Leah G wrote:
>> >> >
>> >> > > Can it Jeff.  I don't use Norton Firewall or Norton Internet Security.
>> >> > > I use Norton AV, Trend Micro online and others for virus scanning.  My
>> >> > > firewall is a double - Zone Alarm Pro and a linux firewall.  In
>> >> > > addition, I keep track of vulnerabilities in all software I use and
>> >> > > update regularly.  I'm probably in the minority in terms of keeping up
>> >> > > with security alerts.  Most people do not.
>> >> > >
>> >> > > I'm really sick of this, Jeff.  Some infected machine has my email
>> >> > > address and it is being spoofed.  If you can't check headers and realize
>> >> > > that, I'm sorry, but continuing to insist that I have an infected
>> >> > > machine or that my machine is the source of the viruses sent to this
>> >> > > list is something you need to RETRACT unless you can prove it - and you
>> >> > > can't because it is untrue.  Now I'm angry.
>> >> > >
>> >> > > Leah
>> >> > >
>> >> > > Jeff Williams wrote:
>> >> > >
>> >> > > > All former DNSO GA members or other interested stakeholders/users,
>> >> > > >
>> >> > > >   Lately or recently this forum has been hit by Leah's Email address
>> >> > > > containing viruses.  The cause seems to be from the following,
>> >> > > > given Leah's several self proclaimed use of Norton.
>> >> > > > See ( fixes now avalible, below.  Note: switch to some other
>> >> > > > vendors virus ware Leah )
>> >> > > >
>> >> > > > ======================
>> >> > > >
>> >> > > >  HIGH: Symantec Firewall Products Multiple Vulnerabilities
>> >> > > > Affected:
>> >> > > > Symantec Norton Internet Security 2002
>> >> > > > Symantec Norton Internet Security 2003
>> >> > > > Symantec Norton Internet Security 2004
>> >> > > > Symantec Norton Internet Security Professional 2002
>> >> > > > Symantec Norton Internet Security Professional 2003
>> >> > > > Symantec Norton Internet Security Professional 2004
>> >> > > > Symantec Norton Personal Firewall 2002
>> >> > > > Symantec Norton Personal Firewall 2003
>> >> > > > Symantec Norton Personal Firewall 2004
>> >> > > > Symantec Client Firewall 5.01, 5.1.1
>> >> > > > Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1)
>> >> > > > Symantec Norton AntiSpam 2004
>> >> > > >
>> >> > > > Description: Symantec firewall products, used by both enterprises and
>> >> > > > home users, contain the following vulnerabilities in the "SYMDNS.SYS"
>> >> > > > module. This module validates the DNS and NetBIOS name service
>> >> > > > responses before allowing them to pass through the firewall.
>> >> > > >
>> >> > > > (1) The module contains a stack-based buffer overflow that can be
>> >> > > > triggered by a DNS response with an overlong "CNAME" field. The
>> >> > > > overflow can be exploited to execute arbitrary code with the
>> >> > > > "KERNEL" privileges.
>> >> > > >
>> >> > > > Note that the firewall processes all DNS response packets i.e. any UDP
>> >> > > > packet with source port 53. Hence, the flaw lends itself to easy
>> >> > > > exploitation via spoofed UDP packets.
>> >> > > >
>> >> > > > (2) The module contains another stack-based buffer overflow that can be
>> >> > > > triggered by a specially crafted NetBIOS response with an overlong
>> >> > > > NetBIOS name. The overflow can be exploited to execute arbitrary code
>> >> > > > with the "KERNEL" privileges. Note that if the client allows Windows
>> >> > > > file sharing, the NetBIOS name service port 137/udp is open.
>> >> > > >
>> >> > > > (3) The module contains a heap-based buffer overflow that can be
>> >> > > > triggered by a crafted NetBIOS response. The problem arises when the
>> >> > > > NetBIOS response does not contain the "Type", "Class", "Time-to-Live"
>> >> > > > and "Data Length" fields in a "Resource Record". The heap-based
>> >> > > > overflow can be leveraged to execute arbitrary code with "KERNEL"
>> >> > > > privileges, but is believed to be difficult to exploit reliably.
>> >> > > >
>> >> > > > (4) The module contains a denial-of-service vulnerability. The problem
>> >> > > > arises because a malicious domain name, constructed by using the DNS
>> >> > > > "compressed name pointer", can cause the decoding routine to enter an
>> >> > > > "infinite" loop. A hard reboot is required to restore the system to
>> >> > > > normalcy. The technical details required to exploit all the
>> >> > > > vulnerabilities have been posted.
>> >> > > >
>> >> > > > Status: Symantec has confirmed the flaws; updates available. Clients
>> >> > > > are advised to use the "LiveUpdate" feature to get the latest fixes.
>> >> > > >
>> >> > > > Council Site Actions:  Three of the reporting council sites are using
>> >> > > > the affected product.  One site has already patched their systems via
>> >> > > > the LiveUpdate Feature.  Another site has only notified their sysadmins
>> >> > > > and has not yet planned how to remediate. They are expecting a major
>> >> > > > effort since they were hit hard by the recent BlackIce attack.  The
>> >> > > > third site has a large number of Symantec users; however they do not
>> >> > > > officially support the software and do not plan any action at this time.
>> >> > > >
>> >> > > > They said that if there is an exploit released in the wild, they will
>> >> > > > inform the end users who have signed up for general security
>> >> > > > notifications.
>> >> > > >
>> >> > > > References:
>> >> > > > eEye Advisories
>> >> > > >
>> >>
>> http://www.eeye.com/html/Research/Advisories/AD20040512D.html (DNS
>> >> > > > Overflow)
>> >> > > >
>> >> http://www.eeye.com/html/Research/Advisories/AD20040512A.html
>> >> (NetBIOS
>> >> > > > Stack Overflow)
>> >> > > >
>> >> http://www.eeye.com/html/Research/Advisories/AD20040512C.html
>> >> (NetBIOS
>> >> > > > Heap Overflow)
>> >> > > >
>> >>
>> http://www.eeye.com/html/Research/Advisories/AD20040512B.html (DNS
>> >> DoS)
>> >> > > > Symantec Advisory
>> >> > > >
>> >>
>> http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
>> >> > > >
>> >> > > > DNS DoS Exploit
>> >> > > >
>> >> http://archives.neohapsis.com/archives/bugtraq/2004-05/0131.html
>> >> > > > SecurityFocus BID
>> >> > > > http://www.securityfocus.com/bid/10333
>> >> > > > http://www.securityfocus.com/bid/10334
>> >> > > > http://www.securityfocus.com/bid/10335
>> >> > > > http://www.securityfocus.com/bid/10336
>> >> > > >
>> >> ****************************************************************
>> >> > > >
>> >> > > > Regards,
>> >> > > >
>> >> > > > --
>> >> > > > Jeffrey A. Williams
>> >> > > > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> >> > > > "Be precise in the use of words and expect precision from others" -
>> >> > > >     Pierre Abelard
>> >> > > >
>> >> > > > "If the probability be called P; the injury, L; and the burden, B;
>> >> > > > liability depends upon whether B is less than L multiplied by
>> >> > > > P: i.e., whether B is less than PL."
>> >> > > > United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> >> > > >
>> >> ===============================================================
>> >> > > > Updated 1/26/04
>> >> > > > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> >> > > > IDNS. div. of Information Network Eng.  INEG. INC.
>> >> > > > E-Mail jwkckid1@xxxxxxxxxxxxx
>> >> > > >  Registered Email addr with the USPS
>> >> > > > Contact Number: 214-244-4827
>> >> > > >
>> >> > > >
>> >> > >
>> >> > > --
>> >> > > Leah G.
>> >> > > http://forums.delphiforums.com/atlargeorg
>> >> > > http://forums.delphiforums.com/domainwatch
>> >> >
>> >> > Regards,
>> >> >
>> >> > --
>> >> > Jeffrey A. Williams
>> >> > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> >> > "Be precise in the use of words and expect precision from others" -
>> >> >     Pierre Abelard
>> >> >
>> >> > "If the probability be called P; the injury, L; and the burden, B;
>> >> > liability depends upon whether B is less than L multiplied by
>> >> > P: i.e., whether B is less than PL."
>> >> > United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> >> >
>> ===============================================================
>> >> > Updated 1/26/04
>> >> > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> >> > IDNS. div. of Information Network Eng.  INEG. INC.
>> >> > E-Mail jwkckid1@xxxxxxxxxxxxx
>> >> >  Registered Email addr with the USPS
>> >> > Contact Number: 214-244-4827
>> >> >
>> >> >
>> >> >
>> >> >
>>
>> JW> Regards,
>>
>> JW> --
>> JW> Jeffrey A. Williams
>> JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> JW> "Be precise in the use of words and expect precision from others" -
>> JW>     Pierre Abelard
>>
>> JW> "If the probability be called P; the injury, L; and the burden, B;
>> JW> liability depends upon whether B is less than L multiplied by
>> JW> P: i.e., whether B is less than PL."
>> JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> JW> ===============================================================
>> JW> Updated 1/26/04
>> JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> JW> IDNS. div. of Information Network Eng.  INEG. INC.
>> JW> E-Mail jwkckid1@xxxxxxxxxxxxx
>> JW>  Registered Email addr with the USPS
>> JW> Contact Number: 214-244-4827
>>
>> ----
>> Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
>> donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
>> (972) 788-2364                    Fax: (972) 788-5049
>> ----

JW> Regards,

JW> --
JW> Jeffrey A. William's
JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
JW> "Be precise in the use of words and expect precision from others" -
JW>     Pierre Abelard

JW> "If the probability be called P; the injury, L; and the burden, B;
JW> liability depends upon whether B is less than L multiplied by
JW> P: i.e., whether B is less than PL."
JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
JW> ===============================================================
JW> Updated 1/26/04
JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
JW> IDNS. div. of Information Network Eng.  INEG. INC.
JW> E-Mail jwkckid1@xxxxxxxxxxxxx
JW>  Registered Email addr with the USPS
JW> Contact Number: 214-244-4827





----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
(972) 788-2364                    Fax: (972) 788-5049
----