Re: [ga] This Forum virus hits form one subscriber - Causes...
- To: Hugh Dierker <hdierker2204@xxxxxxxxx>
- Subject: Re: [ga] This Forum virus hits form one subscriber - Causes...
- From: Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
- Date: Tue, 18 May 2004 23:19:11 -0700
- Cc: John Palmer <jp@xxxxxxxx>, ga@xxxxxxxxxxxxxx
- Organization: INEGroup Spokesman
- References: <20040519032456.33360.qmail@web40004.mail.yahoo.com>
- Sender: owner-ga@xxxxxxxxxxxxxx
Eric and all former DNSO GA members or other interested
stakeholders/users,

No Eric, John is right. He didn't post the reply I sent to this
forum, he sent it to me as a response to a previous post to this
forum. Often this sort of thing is called "Back Biting". John also
sends back any response I have sent and I believe you said to me over
the phone, to you also, his own form of threatening spam. Which of
course is utter nonsense.

Hugh Dierker wrote:
> What does that mean? Did you write in private or did you not write it?
> Stand tall sir and accept or track down a pirate. It is not always easy.
> Hold yourself accountable.
> e
>
> John Palmer <jp@xxxxxxxx> wrote:
> The message attributed to me below was never posted by me to this list.
> ----- Original Message -----
> From: "Jeff Williams"
> To: "John Palmer"
> Cc: "General Assembly of the DNSO"
> Sent: Monday, May 17, 2004 21:03
> Subject: Re: [ga] This Forum virus hits form one subscriber - Causes...
>
>
> > John,
> >
> > I was born standing up and talking back John... Sorry if that
> > upsets you.. Live with it guy! >;) And I am sorry you feel
> > a need to resort to foul language as well. That indeed is a
> > shame...:/
> >
> > John Palmer wrote:
> >
> > > Fuck you Jeff - tell me - were you born an asshole or did your
> > > mother teach you how to be one?
> > >
> > > ----- Original Message -----
> > > From: "Jeff Williams"
> > > To: "Leah G"
> > > Cc:
> > > Sent: Monday, May 17, 2004 4:21 AM
> > > Subject: Re: [ga] This Forum virus hits form one subscriber - Causes...
> > >
> > > > Leah and all former DNSO GA members or other interested stakeholders/users,
> > > >
> > > > Oh? Well then why did you twice inform us all that you did? Oh yes
> > > > and BTW I did not say you were using Norton Firewall.. And
> > > > BTW as well the info I provided included "Symantec Norton AntiSpam
> > > > 2004" So, why was it that your Email address was several times carrying
> > > > an attached file that contained a virus, even after it was several times
> > > > pointed out your Email address, and not spoofed as you claimed, was
> > > > still sending out a virus in an attached file?
> > > >
> > > > Now I can believe that VERY recently you have changed or added
> > > > additional virus protect software as you state below... But that's after
> > > > some time after the fact Leah... Too much time after the fact...
> > > >
> > > > The proof as you well know Leah is in the archives. I have no
> > > > problem whatsoever providing that proof in a court of proper
> > > > jurisdiction ANY TIME! I await your service...
> > > >
> > > > Leah G wrote:
> > > >
> > > > > Can it Jeff. I don't use Norton Firewall or Norton Internet Security.
> > > > > I use Norton AV, Trend Micro online and others for virus scanning. My
> > > > > firewall is a double - Zone Alarm Pro and a linux firewall. In
> > > > > addition, I keep track of vulnerabilities in all software I use and
> > > > > update regularly. I'm probably in the minority in terms of keeping up
> > > > > with security alerts. Most people do not.
> > > > >
> > > > > I'm really sick of this, Jeff. Some infected machine has my email
> > > > > address and it is being spoofed. If you can't check headers and realize
> > > > > that, I'm sorry, but continuing to insist that I have an infected
> > > > > machine or that my machine is the source of the viruses sent to this
> > > > > list is something you need to RETRACT unless you can prove it - and you
> > > > > can't because it is untrue. Now I'm angry.
> > > > >
> > > > > Leah
> > > > >
> > > > > Jeff Williams wrote:
> > > > >
> > > > > > > All former DNSO GA members or other interested stakeholders/users,
> > > > > > >
> > > > > > > Lately or recently this forum has been hit by Leah's Email address
> > > > > > > containing viruses. The cause seems to be from the following,
> > > > > > > given Leah's several self proclaimed use of Norton.
> > > > > > > See ( fixes now available, below. Note: switch to some other
> > > > > > > vendors virus ware Leah )
> > > > > >
> > > > > > ======================
> > > > > >
> > > > > > HIGH: Symantec Firewall Products Multiple Vulnerabilities
> > > > > > Affected:
> > > > > > Symantec Norton Internet Security 2002
> > > > > > Symantec Norton Internet Security 2003
> > > > > > Symantec Norton Internet Security 2004
> > > > > > Symantec Norton Internet Security Professional 2002
> > > > > > Symantec Norton Internet Security Professional 2003
> > > > > > Symantec Norton Internet Security Professional 2004
> > > > > > Symantec Norton Personal Firewall 2002
> > > > > > Symantec Norton Personal Firewall 2003
> > > > > > Symantec Norton Personal Firewall 2004
> > > > > > Symantec Client Firewall 5.01, 5.1.1
> > > > > > Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1)
> > > > > > Symantec Norton AntiSpam 2004
> > > > > >
> > > > > > > Description: Symantec firewall products, used by both enterprises and
> > > > > > > home users, contain the following vulnerabilities in the "SYMDNS.SYS"
> > > > > > > module. This module validates the DNS and NetBIOS name service
> > > > > > > responses before allowing them to pass through the firewall.
> > > > > > >
> > > > > > > (1) The module contains a stack-based buffer overflow that can be
> > > > > > > triggered by a DNS response with an overlong "CNAME" field. The
> > > > > > > overflow can be exploited to execute arbitrary code with the
> > > > > > > "KERNEL" privileges.
> > > > > > >
> > > > > > > Note that the firewall processes all DNS response packets i.e. any UDP
> > > > > > > packet with source port 53. Hence, the flaw lends itself to easy
> > > > > > > exploitation via spoofed UDP packets.
> > > > > > >
> > > > > > > (2) The module contains another stack-based buffer overflow that can be
> > > > > > > triggered by a specially crafted NetBIOS response with an overlong
> > > > > > > NetBIOS name. The overflow can be exploited to execute arbitrary code
> > > > > > > with the "KERNEL" privileges. Note that if the client allows Windows
> > > > > > > file sharing, the NetBIOS name service port 137/udp is open.
> > > > > > >
> > > > > > > (3) The module contains a heap-based buffer overflow that can be
> > > > > > > triggered by a crafted NetBIOS response. The problem arises when the
> > > > > > > NetBIOS response does not contain the "Type", "Class", "Time-to-Live"
> > > > > > > and "Data Length" fields in a "Resource Record". The heap-based
> > > > > > > overflow can be leveraged to execute arbitrary code with "KERNEL"
> > > > > > > privileges, but is believed to be difficult to exploit reliably.
> > > > > > >
> > > > > > > (4) The module contains a denial-of-service vulnerability. The problem
> > > > > > > arises because a malicious domain name, constructed by using the DNS
> > > > > > > "compressed name pointer", can cause the decoding routine to enter an
> > > > > > > "infinite" loop. A hard reboot is required to restore the system to
> > > > > > > normalcy. The technical details required to exploit all the
> > > > > > > vulnerabilities have been posted.
> > > > > >
> > > > > > > Status: Symantec has confirmed the flaws; updates available. Clients
> > > > > > > are advised to use the "LiveUpdate" feature to get the latest fixes.
> > > > > > >
> > > > > > > Council Site Actions: Three of the reporting council sites are using
> > > > > > > the affected product. One site has already patched their systems via
> > > > > > > the LiveUpdate Feature. Another site has only notified their sysadmins
> > > > > > > and has not yet planned how to remediate. They are expecting a major
> > > > > > > effort since they were hit hard by the recent BlackIce attack. The
> > > > > > > third site has a large number of Symantec users; however they do not
> > > > > > > officially support the software and do not plan any action at this time.
> > > > > > >
> > > > > > > They said that if there is an exploit released in the wild, they will
> > > > > > > inform the end users who have signed up for general security
> > > > > > > notifications.
> > > > > >
> > > > > > > References:
> > > > > > > eEye Advisories
> > > > > > > http://www.eeye.com/html/Research/Advisories/AD20040512D.html (DNS Overflow)
> > > > > > > http://www.eeye.com/html/Research/Advisories/AD20040512A.html (NetBIOS Stack Overflow)
> > > > > > > http://www.eeye.com/html/Research/Advisories/AD20040512C.html (NetBIOS Heap Overflow)
> > > > > > > http://www.eeye.com/html/Research/Advisories/AD20040512B.html (DNS DoS)
> > > > > > > Symantec Advisory
> > > > > > > http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
> > > > > > >
> > > > > > > DNS DoS Exploit
> > > > > > > http://archives.neohapsis.com/archives/bugtraq/2004-05/0131.html
> > > > > > > SecurityFocus BID
> > > > > > > http://www.securityfocus.com/bid/10333
> > > > > > > http://www.securityfocus.com/bid/10334
> > > > > > > http://www.securityfocus.com/bid/10335
> > > > > > > http://www.securityfocus.com/bid/10336
> > > > > > > ****************************************************************
> > > > > >
> > > > > > Regards,
> > > > > >
> > > > > > --
> > > > > > Jeffrey A. Williams
> > > > > > > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> > > > > > > "Be precise in the use of words and expect precision from others" -
> > > > > > > Pierre Abelard
> > > > > > >
> > > > > > > "If the probability be called P; the injury, L; and the burden, B;
> > > > > > > liability depends upon whether B is less than L multiplied by
> > > > > > > P: i.e., whether B is less than PL."
> > > > > > > United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
> > > > > > > ===============================================================
> > > > > > > Updated 1/26/04
> > > > > > > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
> > > > > > IDNS. div. of Information Network Eng. INEG. INC.
> > > > > > E-Mail jwkckid1@xxxxxxxxxxxxx
> > > > > > Registered Email addr with the USPS
> > > > > > Contact Number: 214-244-4827
> > > > > >
> > > > > >
> > > > >
> > > > > --
> > > > > Leah G.
> > > > > http://forums.delphiforums.com/atlargeorg
> > > > > http://forums.delphiforums.com/domainwatch
> > > >
> > > > Regards,
> > > >
> > > > --
> > > > Jeffrey A. Williams
> > > > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> > > > "Be precise in the use of words and expect precision from others" -
> > > > Pierre Abelard
> > > >
> > > > "If the probability be called P; the injury, L; and the burden, B;
> > > > liability depends upon whether B is less than L multiplied by
> > > > P: i.e., whether B is less than PL."
> > > > United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
> > > > ===============================================================
> > > > Updated 1/26/04
> > > > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
> > > > IDNS. div. of Information Network Eng. INEG. INC.
> > > > E-Mail jwkckid1@xxxxxxxxxxxxx
> > > > Registered Email addr with the USPS
> > > > Contact Number: 214-244-4827
> > > >
> > > >
> > > >
> > > >
> >
> > Regards,
> >
> > --
> > Jeffrey A. Williams
> > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> > "Be precise in the use of words and expect precision from others" -
> > Pierre Abelard
> >
> > "If the probability be called P; the injury, L; and the burden, B;
> > liability depends upon whether B is less than L multiplied by
> > P: i.e., whether B is less than PL."
> > United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
> > ===============================================================
> > Updated 1/26/04
> > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
> > IDNS. div. of Information Network Eng. INEG. INC.
> > E-Mail jwkckid1@xxxxxxxxxxxxx
> > Registered Email addr with the USPS
> > Contact Number: 214-244-4827
> >
> >
> >
> >
>
>
>
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
Pierre Abelard
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng. INEG. INC.
E-Mail jwkckid1@xxxxxxxxxxxxx
Registered Email addr with the USPS
Contact Number: 214-244-4827
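
The advisory quoted in this thread attributes items (1) and (4) to a DNS name decoder that copies an overlong name without a bound and follows "compressed name pointers" without end. The following is an added example, not part of the original messages and not Symantec's code, of the checks such a decoder needs; the function name `dns_decode_name` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035 cap on a name's length (octets) */
#define DNS_MAX_LABEL 63   /* RFC 1035 cap on one label */

/* Hypothetical helper: decode the (possibly compressed) name at msg[off]
 * into out as dotted text. Returns the text length, or -1 if malformed. */
int dns_decode_name(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_cap)
{
    size_t used = 0;   /* bytes written to out so far */
    size_t jumps = 0;  /* compression pointers followed so far */
    for (;;) {
        if (off >= msg_len) return -1;              /* ran off the packet */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (off + 1 >= msg_len) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            /* Backward-only jumps reject a pointer to itself; the jump cap
             * (and the output bound below) end longer pointer cycles. */
            if (target >= off || ++jumps > msg_len / 2) return -1;
            off = target;
            continue;
        }
        if (len & 0xC0) return -1;                  /* reserved label type */
        if (len == 0) break;                        /* root label: done */
        if (len > DNS_MAX_LABEL || off + 1 + len > msg_len) return -1;
        /* Bound the output BEFORE copying: dot (if any) + label + NUL. */
        size_t need = used + (used ? 1 : 0) + len;
        if (need + 1 > out_cap || need > DNS_MAX_NAME) return -1;
        if (used) out[used++] = '.';
        memcpy(out + used, msg + off + 1, len);
        used = need;
        off += 1 + (size_t)len;
    }
    if (out_cap == 0) return -1;
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed packet fragment: label "a", then a pointer back to 0. */
    const uint8_t cyc[] = { 1, 'a', 0xC0, 0x00 };
    char name[256];
    return dns_decode_name(cyc, sizeof cyc, 0, name, sizeof name) == -1 ? 0 : 1;
}
```
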