I have found some faults in the scanning tools available from Foundstone and
Microsoft for RPC vulnerable machines. Both of these tools are not error free.
These tools are showing the ip addresses of even those machines which are
Windows 9x, Windows98/Sec, Windows ME. Both tools are not free from this error.
And Foundstone's RPC Scan tool is even more error prone. If you even applied
all the patches in correct sequence even then some of my machines are reported
as "Vulnerable".
Any body have any experience with these problems or any suggestions please let
me know.
Best Regards,
Nadeem Rafi
-----Original Message-----
From: full-disclosure-request@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-request@xxxxxxxxxxxxxxxx]
Sent: Wed 9/3/2003 3:39 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Cc:
Subject: Full-Disclosure digest, Vol 1 #1083 - 33 msgs
Send Full-Disclosure mailing list submissions to
full-disclosure@xxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@xxxxxxxxxxxxxxxx
You can reach the person managing the list at
full-disclosure-admin@xxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Today's Topics:
1. Re: Tracking a virus by logging infected machines (Joel R.
Helgeson)
2. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Tiago Halm)
3. RE: Tracking a virus by logging infected machines (Richard M.
Smith)
4. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Tim)
5. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Tim)
6. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Tim)
7. RE: New Microsoft Internet Explorer
mshtml.dll Denial of Service? (nonleft)
8. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(morning_wood)
9. RE: New Microsoft Internet Explorer mshtml.dll Denial of
Service? (Tiago Halm)
10. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Schmehl, Paul L)
11. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Steve Wray)
12. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Steve Wray)
13. Re: JAP back doored (Daniel Tams)
14. sans.org (lepkie)
15. Re: sans.org (Marcus Graf)
16. Re: sans.org (martin f krafft)
17. RE: sans.org (Jerry Heidtke)
18. Re: sans.org - OFFTOPIC (Kurt Seifried)
19. RE: sans.org (Ryan Lowdermilk)
20. Re: sans.org (B3r3n)
21. Re: sans.org (Bernie, CTA)
22. RE: sans.org (Joshua Thomas)
23. Re: sans.org (Ben Nelson)
24. RE: sans.org (NDG)
25. Re: atari800 (200309-07) (- o s g o -)
26. RE: sans.org (Richard M. Smith)
27. RE: Email for sans.org? (Richard M. Smith)
28. Re: sans.org (james)
29. RE: sans.org - OFFTOPIC (David Vincent)
30. The Worm tard who got busted (Andre Ludwig)
31. Re: sans.org (Kurt Seifried)
32. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service?
(Tim)
--__--__--
Message: 1
From: "Joel R. Helgeson" <joel@xxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Tracking a virus by logging infected
machines
Date: Tue, 2 Sep 2003 11:06:54 -0500
Why would any virus writer do this? This leads a clear audit trail that
would lead the authorities directly back to the creator.
I suppose it wouldn't be a bad thing if the virus author was looking for
some free room & board for the next 5-10 years.
Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation
"Give a man fire, and he'll be warm for a day; set a man on fire, and
he'll
be warm for the rest of his life."
----- Original Message -----
From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
To: <jasonc@xxxxxxxxxxx>; <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Monday, September 01, 2003 6:38 PM
Subject: [Full-Disclosure] Tracking a virus by logging infected machines
> Hi Jason,
>
> >>> Is there any way to determine who the winner is?
>
> Not that I want to encourage virus writing, but I think it would be
very
> helpful to gather infection statistics if a virus were to keep a log
of
> the IP addresses of all the machines it infected. The log could be
> appended to the end of the executable file of the virus. Each copy
of a
> worm or virus would contain a record of one branch of the tree of
> infected machines.
>
> To make a log easy to locate and extract, the log can start with an
> easily identified string such as "VIRUS INFECTION LOG\n". IP
addresses
> should be recorded in ASCII with a \n between each IP address.
>
> Richard
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--__--__--
Message: 2
From: "Tiago Halm" <thalm@xxxxxxxxxx>
To: "'Pellmann Paul'" <pel@xxxxxxxxxxxxxxxxx>,
<full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Date: Tue, 2 Sep 2003 17:36:30 +0100
Paul has a point here, I believe!
After a **lot** of html code "trimming" I came with an offline version
of
the page like this:
------------------------------------------------------
<html>
<body>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="http://www.galad.com/frame/e1x1.gif"; width="1"
height="1"
alt=""></td>
</tr>
</table>
</body>
</html>
-------------------------------------------------------
and this piece of code does crash my browser (6.0.2800.1106)
on windows 2000 server all patches and fixes up to date.
NOTE: Every time you **want** the browser to crash, you must delete it
from
the "Temporary Internet Files" before loading it in your browser.
Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a
"Bad or
unrecognized image header".
Does this image, in some way, affects the way IE does the parsing?
Seems like it...
Regards,
Tiago Halm
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Pellmann
Paul
Sent: terça-feira, 2 de Setembro de 2003 16:20
To: 'full-disclosure@xxxxxxxxxxxxxxxx'
Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll
Denial of Service?
This seems to be caused by the 1x1 image
http://www.galad.com/frame/e1x1.gif
used within the page. If I block this URL the IE stops crashing with
that
page.
cu
Paul
> > Its a mail client issue; doesn't happen if you click on
> > a link from Internet Explorer.
>
> No, I am very sure that this happens also, if you follow the
> link inside
> a web page only (without an involving mail client).
>
> So go to http://www.counterpane.com/crypto-gram.html , scroll down and
> click the link that says "Holger Hasselbach has translated several
> issues of Crypto-Gram into German [...]". The error occurs as
> described in my original posting.
>
> > Your mail headers don't exactly give away your own mail client.
> > What would it be?
>
> Microsoft Outlook 2002 SP2 on Windows XP Professional
>
> Yours,
>
> Marc Ruef
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
>
> iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK
> qtApctQA9L1W78qDsE4Puuvz
> =m0et
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 3
From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
To: "'Joel R. Helgeson'" <joel@xxxxxxxxxxxx>,
<full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Tracking a virus by logging infected
machines
Date: Tue, 2 Sep 2003 12:43:43 -0400
To show off. ;-) The author of the Marker virus did exactly this.
Richard
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Joel R.
Helgeson
Sent: Tuesday, September 02, 2003 12:07 PM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Tracking a virus by logging infected
machines
Why would any virus writer do this? This leads a clear audit trail that
would lead the authorities directly back to the creator.
I suppose it wouldn't be a bad thing if the virus author was looking for
some free room & board for the next 5-10 years.
Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation
"Give a man fire, and he'll be warm for a day; set a man on fire, and
he'll
be warm for the rest of his life."
----- Original Message -----
From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
To: <jasonc@xxxxxxxxxxx>; <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Monday, September 01, 2003 6:38 PM
Subject: [Full-Disclosure] Tracking a virus by logging infected machines
> Hi Jason,
>
> >>> Is there any way to determine who the winner is?
>
> Not that I want to encourage virus writing, but I think it would be
very
> helpful to gather infection statistics if a virus were to keep a log
of
> the IP addresses of all the machines it infected. The log could be
> appended to the end of the executable file of the virus. Each copy of
a
> worm or virus would contain a record of one branch of the tree of
> infected machines.
>
> To make a log easy to locate and extract, the log can start with an
> easily identified string such as "VIRUS INFECTION LOG\n". IP
addresses
> should be recorded in ASCII with a \n between each IP address.
>
> Richard
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 4
Date: Tue, 2 Sep 2003 10:38:07 -0700
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
To: Tiago Halm <thalm@xxxxxxxxxx>
Cc: "'Pellmann Paul'" <pel@xxxxxxxxxxxxxxxxx>,
full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Interesting...
> After a **lot** of html code "trimming" I came with an offline
version of
> the page like this:
>
> ------------------------------------------------------
> <html>
> <body>
> <table border="0" cellspacing="0" cellpadding="0">
> <tr>
> <td><img src="http://www.galad.com/frame/e1x1.gif"; width="1"
height="1"
> alt=""></td>
> </tr>
> </table>
> </body>
> </html>
> -------------------------------------------------------
>
> and this piece of code does crash my browser (6.0.2800.1106)
> on windows 2000 server all patches and fixes up to date.
>
> NOTE: Every time you **want** the browser to crash, you must delete
it from
> the "Temporary Internet Files" before loading it in your browser.
>
> Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a
"Bad or
> unrecognized image header".
> Does this image, in some way, affects the way IE does the parsing?
> Seems like it...
Yeah, the GIF image is almost certainly mal-formed. Not sure in what
way yet, as I am no GIF expert. Some interesting information though:
Opening it in the GIMP produces the following errors on stderr:
GIF: too much input data, ignoring extra...
GIF: bogus character 0x00, ignoring
The file's contents are:
00000000 47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF
GIF89a..........
00000010 FF FF FF 21 F9 04 01 00 00 01 00 2C 00 00 00 00
...!.......,....
00000020 01 00 01 00 00 02 02 4C 01 00 3B
.......L..;
I then opened the file in the GIMP, and immediately saved it back to
another gif file, and it wrote:
00000000 47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF
GIF89a..........
00000010 00 00 00 21 F9 04 01 00 00 00 00 2C 00 00 00 00
...!.......,....
00000020 01 00 01 00 00 00 01 01 00 3B
.........;
Which obviously has some differences. Anyone else better with GIF89a
than I?
tim
--__--__--
Message: 5
Date: Tue, 2 Sep 2003 10:42:58 -0700
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
To: Irwan Hadi <irwanhadi@xxxxxxxxx>
Cc: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
> Even more interesting:
> Received: from netsys.com (NETSYS.COM [199.201.233.10])
> by phxby.engr.usu.edu (Postfix) with ESMTP id 4A3F11443EF
> for <irwanhadi@xxxxxxxxxxxxxxxxxx>; Tue, 2 Sep 2003 02:44:14
> -0600 (MDT)
> Received: from NETSYS.COM (localhost [127.0.0.1])
> by netsys.com (8.11.6p2/8.11.6) with ESMTP id h827wOx20101;
> Tue, 2 Sep 2003 03:58:24 -0400 (EDT)
> Received: from phxby.engr.usu.edu (phxby.engr.usu.edu
[129.123.21.101])
> by netsys.com (8.11.6p2/8.11.6) with ESMTP id h827uUE19665
> for <full-disclosure@xxxxxxxxxxxxxxxx>; Tue, 2 Sep 2003
03:56:30
> -0400 (EDT)
> Received: by phxby.engr.usu.edu (Postfix, from userid 501)
> id 6607B14438C; Tue, 2 Sep 2003 01:56:24 -0600 (MDT)
>
> I believe that for infosec stuffs, the faster information being
> distributed/sent is the better. Late putting patch just because the
> information come almost 1 hour later after it is sent might be
> catastropic.
I don't know about catastrophic, but it certainly should be faster. I
personally find the speed of this list unacceptable. For large lists
with high volume, a list server written in a scripting language like
python isn't going to cut it, IMHO. I vote for qmail w/ ezmlm(-idx).
(That is, if we get a vote in the matter.)
tim
--__--__--
Message: 6
Date: Tue, 2 Sep 2003 10:51:45 -0700
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
To: Tiago Halm <thalm@xxxxxxxxxx>
Cc: "'Pellmann Paul'" <pel@xxxxxxxxxxxxxxxxx>,
full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Error in my last post. I switched the order of the original and GIMP
produced .gif on accident. To clarify:
Original:
00000000 47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF
GIF89a..........
00000010 00 00 00 21 F9 04 01 00 00 00 00 2C 00 00 00 00
...!.......,....
00000020 01 00 01 00 00 00 01 01 00 3B
.........;
Processed and re-saved by GIMP:
00000000 47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF
GIF89a..........
00000010 FF FF FF 21 F9 04 01 00 00 01 00 2C 00 00 00 00
...!.......,....
00000020 01 00 01 00 00 02 02 4C 01 00 3B
.......L..;
tim
--__--__--
Message: 7
Date: Tue, 02 Sep 2003 20:14:52 +0200
To: "Tiago Halm" <thalm@xxxxxxxxxx>, "'Pellmann Paul'"
<pel@xxxxxxxxxxxxxxxxx>,
<full-disclosure@xxxxxxxxxxxxxxxx>
From: nonleft <nonleft@xxxxxxx>
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
--=====================_2889214==.REL
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
could you figure out if it is a webbug than or just a transgif for
layout?
kind regards
nonleft
At 17:36 02.09.2003 +0100, Tiago Halm wrote:
>Paul has a point here, I believe!
>
>After a **lot** of html code "trimming" I came with an offline version
of
>the page like this:
>
>------------------------------------------------------
>2bd125.jpg
>-------------------------------------------------------
>
>and this piece of code does crash my browser (6.0.2800.1106)
>on windows 2000 server all patches and fixes up to date.
>
>NOTE: Every time you **want** the browser to crash, you must delete it
from
>the "Temporary Internet Files" before loading it in your browser.
>
>Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a
"Bad=
or
>unrecognized image header".
>Does this image, in some way, affects the way IE does the parsing?
>Seems like it...
>
>Regards,
>Tiago Halm
>
>
>-----Original Message-----
>From: full-disclosure-admin@xxxxxxxxxxxxxxxx
>[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Pellmann
Paul
>Sent: ter=E7a-feira, 2 de Setembro de 2003 16:20
>To: 'full-disclosure@xxxxxxxxxxxxxxxx'
>Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll
>Denial of Service?
>
>
>This seems to be caused by the 1x1 image=
http://www.galad.com/frame/e1x1.gif
>used within the page. If I block this URL the IE stops crashing with
that
>page.
>
>cu
>Paul
>
>
> > > Its a mail client issue; doesn't happen if you click on
> > > a link from Internet Explorer.
> >
> > No, I am very sure that this happens also, if you follow the
> > link inside
> > a web page only (without an involving mail client).
> >
> > So go to http://www.counterpane.com/crypto-gram.html , scroll down
and
> > click the link that says "Holger Hasselbach has translated several
> > issues of Crypto-Gram into German [...]". The error occurs as
> > described in my original posting.
> >
> > > Your mail headers don't exactly give away your own mail client.
> > > What would it be?
> >
> > Microsoft Outlook 2002 SP2 on Windows XP Professional
> >
> > Yours,
> >
> > Marc Ruef
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0
> >
> > iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK
> > qtApctQA9L1W78qDsE4Puuvz
> > =3Dm0et
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
--=====================_2889214==.REL
Content-Type: image/jpeg; name="2bd125.jpg";
x-mac-type="4A504547"; x-mac-creator="4A565752"
Content-ID: <5.2.0.9.2.20030902201142.00b46cc0@xxxxxxxxxxxx>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="2bd125.jpg"
/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/2wBDAQEBAQEBAQEBAQEBAQEBAQEBAQEB
AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/wAARCAABAAEDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD/AD/6
KKKAP//Z
--=====================_2889214==.REL--
--__--__--
Message: 8
From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
To: "Tim" <tim-security@xxxxxxxxxxxxxxxxxxx>,
"Irwan Hadi" <irwanhadi@xxxxxxxxx>
Cc: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Date: Tue, 2 Sep 2003 11:23:09 -0700
> > I believe that for infosec stuffs, the faster information being
> > distributed/sent is the better. Late putting patch just because the
> > information come almost 1 hour later after it is sent might be
> > catastropic.
>
> I don't know about catastrophic, but it certainly should be faster. I
> personally find the speed of this list unacceptable. For large lists
> with high volume, a list server written in a scripting language like
> python isn't going to cut it, IMHO. I vote for qmail w/ ezmlm(-idx).
> (That is, if we get a vote in the matter.)
funny, i often see replies to my post long before i see my own post
dont know why, does'nt always happen. But it is odd.
Sometimes I wonder if the list is being siphoned for breaking sec info
before
the posts reach the subscribers.
Donnie Werner
http://e2-labs.com
--__--__--
Message: 9
From: "Tiago Halm" <thalm@xxxxxxxxxx>
To: "'nonleft'" <nonleft@xxxxxxx>, "'Pellmann Paul'"
<pel@xxxxxxxxxxxxxxxxx>,
<full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Date: Tue, 2 Sep 2003 19:49:07 +0100
My feeling is that the following facts:
- rendering engine of IE, complemented with the "online" download of the
image
- possible malformation of the image
lead to this outcome (browser crash).
There must be some code inside mshtml.dll that "crashes" when parsing
the
image.
I get this "Application" event with source "Microsoft Internet
Explorer", ID
= 1000:
-------------
Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module
mshtml.dll, version 6.0.2800.1226, fault address 0x00180ede.
-------------
This is not a webbug. I think this is only a transgif for layout (as
you put
it).
And IE should take the image as invalid and should not even try to
display
it.
Regards,
Tiago Halm
-----Original Message-----
From: nonleft [mailto:nonleft@xxxxxxx]
Sent: terça-feira, 2 de Setembro de 2003 19:15
To: Tiago Halm; 'Pellmann Paul'; full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll
Denial of Service?
could you figure out if it is a webbug than or just a transgif for
layout?
kind regards
nonleft
At 17:36 02.09.2003 +0100, Tiago Halm wrote:
>Paul has a point here, I believe!
>
>After a **lot** of html code "trimming" I came with an offline version
>of the page like this:
>
>------------------------------------------------------
>2bd125.jpg
>-------------------------------------------------------
>
>and this piece of code does crash my browser (6.0.2800.1106) on windows
>2000 server all patches and fixes up to date.
>
>NOTE: Every time you **want** the browser to crash, you must delete it
>from the "Temporary Internet Files" before loading it in your browser.
>
>Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a
>"Bad or unrecognized image header". Does this image, in some way,
>affects the way IE does the parsing? Seems like it...
>
>Regards,
>Tiago Halm
>
>
>-----Original Message-----
>From: full-disclosure-admin@xxxxxxxxxxxxxxxx
>[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Pellmann
>Paul
>Sent: terça-feira, 2 de Setembro de 2003 16:20
>To: 'full-disclosure@xxxxxxxxxxxxxxxx'
>Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll
>Denial of Service?
>
>
>This seems to be caused by the 1x1 image
>http://www.galad.com/frame/e1x1.gif
>used within the page. If I block this URL the IE stops crashing with
that
>page.
>
>cu
>Paul
>
>
> > > Its a mail client issue; doesn't happen if you click on
> > > a link from Internet Explorer.
> >
> > No, I am very sure that this happens also, if you follow the link
> > inside a web page only (without an involving mail client).
> >
> > So go to http://www.counterpane.com/crypto-gram.html , scroll down
> > and click the link that says "Holger Hasselbach has translated
> > several issues of Crypto-Gram into German [...]". The error occurs
> > as described in my original posting.
> >
> > > Your mail headers don't exactly give away your own mail client.
> > > What would it be?
> >
> > Microsoft Outlook 2002 SP2 on Windows XP Professional
> >
> > Yours,
> >
> > Marc Ruef
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0
> >
> > iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK
> > qtApctQA9L1W78qDsE4Puuvz
> > =m0et
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 10
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Date: Tue, 2 Sep 2003 14:31:06 -0500
From: "Schmehl, Paul L" <pauls@xxxxxxxxxxxx>
Cc: <full-disclosure@xxxxxxxxxxxxxxxx>
> -----Original Message-----
> From: morning_wood [mailto:se_cur_ity@xxxxxxxxxxx]
> Sent: Tuesday, September 02, 2003 1:23 PM
> To: Tim; Irwan Hadi
> Cc: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] New Microsoft Internet
> Explorer mshtml.dll Denial of Service?
>
> funny, i often see replies to my post long before i see my
> own post dont know why, does'nt always happen. But it is odd.
> Sometimes I wonder if the list is being siphoned for breaking
> sec info before the posts reach the subscribers.
More likely what you're seeing is the duplicate copy sent to your email
address because the default for this list is reply to sender. So most
people just reply to all, and the cc list gets longer and longer and
longer. Later on, your post shows up on the list, so you see it then.
But the replies come to you directly and much faster.
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
--__--__--
Message: 11
From: "Steve Wray" <steve.wray@xxxxxxxxxxxxxxx>
To: "'Marc Ruef'" <maru@xxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Date: Wed, 3 Sep 2003 08:04:36 +1200
Ok I went there and no crash!
:)
Heres the html that I created to test the principal as
well.
My MSIE is 6.0.2800.1106.xpsp2.030422-1633
I only experience the crash when clicking in Outlook 2002.
[snip]
> > Its a mail client issue; doesn't happen if you click on
> > a link from Internet Explorer.
>
> No, I am very sure that this happens also, if you follow the
> link inside
> a web page only (without an involving mail client).
>
> So go to http://www.counterpane.com/crypto-gram.html , scroll down and
> click the link that says "Holger Hasselbach has translated several
> issues of Crypto-Gram into German [...]". The error occurs as
> described
> in my original posting.
>
> > Your mail headers don't exactly give away your own mail client.
> > What would it be?
>
> Microsoft Outlook 2002 SP2 on Windows XP Professional
>
> Yours,
>
> Marc Ruef
--__--__--
Message: 12
From: "Steve Wray" <steve.wray@xxxxxxxxxxxxxxx>
To: "'Tiago Halm'" <thalm@xxxxxxxxxx>,
"'Pellmann Paul'" <pel@xxxxxxxxxxxxxxxxx>,
<full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
Date: Wed, 3 Sep 2003 08:16:21 +1200
So why is it that visiting the page directly from MSIE
from html like this;
<html>
<head>
</head>
<body>
<a href="http://www.galad.com/extras/cg/cg.htm";>crash</a>
</body>
</html>
I get no crash?
But clicking through from outlook I do?
Ie; clicking from outlook = crash
clicking from IE = no crash
clicking from outlook afterward = crash
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
> Tiago Halm
> Sent: Wednesday, 3 September 2003 4:37 a.m.
> To: 'Pellmann Paul'; full-disclosure@xxxxxxxxxxxxxxxx
> Subject: RE: [Full-Disclosure] New Microsoft Internet
> Explorer mshtml.dll Denial of Service?
>
>
> Paul has a point here, I believe!
>
> After a **lot** of html code "trimming" I came with an
> offline version of
> the page like this:
>
> ------------------------------------------------------
> <html>
> <body>
> <table border="0" cellspacing="0" cellpadding="0">
> <tr>
> <td><img src="http://www.galad.com/frame/e1x1.gif";
> width="1" height="1"
> alt=""></td>
> </tr>
> </table>
> </body>
> </html>
> -------------------------------------------------------
>
> and this piece of code does crash my browser (6.0.2800.1106)
> on windows 2000 server all patches and fixes up to date.
>
> NOTE: Every time you **want** the browser to crash, you must
> delete it from
> the "Temporary Internet Files" before loading it in your browser.
--__--__--
Message: 13
Date: Tue, 2 Sep 2003 22:22:02 +0200 (CEST)
From: Daniel Tams <dantams@xxxxxxxxxxxxxxxxxxxxx>
To: Helmut Hauser <helmut.hauser@xxxxxxxxxxxx>
cc: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] JAP back doored
On Tue, 2 Sep 2003, Helmut Hauser wrote:
> The german police (BKA) striked again against the An.on Team
>
> See
http://www.datenschutzzentrum.de/material/themen/presse/anon-bka.htm
The choice of your subject line makes it seem that the article says that
JAP has been backdoored again. The article does not say that. The
article
says that the police received a court order permitting them to enter and
search the facilities of the Technical University of Dresden in order to
find the data that was captured by the backdoor when it was in use.
- Daniel
--__--__--
Message: 14
Date: Tue, 2 Sep 2003 12:29:47 -0700
To: full-disclosure@xxxxxxxxxxxxxxxx
Cc:
From: "lepkie" <lepkie@xxxxxxxxxxxx>
Reply-To: lepkie@xxxxxxxxxxxx
Subject: [Full-Disclosure] sans.org
maybe off topic
can anyone resolve www.sans.org or www.incidents.org?
I tried several name servers and none return an A record.
%> host www.sans.org ns2.berkeley.edu
%> host www.sans.org ns1.ems.psu.edu
%> etc ....
all report not found.
Did they forget to pay the reg fee?
--
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
--__--__--
Message: 15
From: "Marcus Graf" <m.graf@xxxxxxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxx
Date: Tue, 02 Sep 2003 23:11:41 +0200
Subject: Re: [Full-Disclosure] sans.org
> can anyone resolve www.sans.org or www.incidents.org?
> I tried several name servers and none return an A record.
no problems:
www.sans.org => 65.173.218.106
www.incidents.org => 63.100.47.45
but the traceroute from here to www.sans.org dies at
sl-escal-1-0-0.sprintlink.net [160.81.98.26]
and the traceroute to www.incidents.org ist interesting:
...
... 500.ATM4-0.GW5.IAD5.ALTER.NET [152.63.43.137]
... 192.168.11.9 [192.168.11.9]
misconfigured NAT ???
Ciao
Marcus
--
Windows is not the answer.
Windows is the question and the answer is no.
--__--__--
Message: 16
Date: Tue, 2 Sep 2003 23:35:30 +0200
From: martin f krafft <madduck@xxxxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: sans.org
--KN5l+BnMqAQyZLvT
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
also sprach lepkie <lepkie@xxxxxxxxxxxx> [2003.09.02.2129 +0200]:
> can anyone resolve www.sans.org or www.incidents.org?
no.
> Did they forget to pay the reg fee?
Created on..............: Fri, Aug 04, 1995
Expires on..............: Tue, Aug 03, 2010
Record last updated on..: Tue, Sep 02, 2003
They probably screwed up their nameserver. This is said to happen to
even the pro's ;^>
--=20
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
=20
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
=20
obviously the human brain works like a computer.
since there are no stupid computers humans can't be stupid.
there are just a few running windoze.
--KN5l+BnMqAQyZLvT
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/VQ0iIgvIgzMMSnURAnLvAKClbzWQWQ6lZc0c7lin3BQZsH9ArQCfWMIr
TqcqUYIGg+N3EvaJKmnlL+s=
=fWEe
-----END PGP SIGNATURE-----
--KN5l+BnMqAQyZLvT--
--__--__--
Message: 17
Subject: RE: [Full-Disclosure] sans.org
Date: Tue, 2 Sep 2003 16:41:24 -0500
From: "Jerry Heidtke" <jheidtke@xxxxxxxx>
To: "Marcus Graf" <m.graf@xxxxxxxxxxxxx>,
<full-disclosure@xxxxxxxxxxxxxxxx>
The administrator of dshield has this to say about resolving sans.org:
> I didn't find a NS, which resolves sans.org or isc.sans.org.
> Anyone else?
Our registrar (register.com) had problems with sans.org and it did get
removed from some root servers. Hopefully this will be fixed soon.
DShield.org may be effected as it uses the same infrastructure. I did
try to move mail server records to make them work without 'sans.org'.
--
--------------------------------------------------------------
Johannes Ullrich
-----Original Message-----
From: Marcus Graf [mailto:m.graf@xxxxxxxxxxxxx]
Sent: Tuesday, September 02, 2003 4:12 PM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] sans.org
> can anyone resolve www.sans.org or www.incidents.org?
> I tried several name servers and none return an A record.
no problems:
www.sans.org => 65.173.218.106
www.incidents.org => 63.100.47.45
but the traceroute from here to www.sans.org dies at
sl-escal-1-0-0.sprintlink.net [160.81.98.26]
and the traceroute to www.incidents.org ist interesting:
...
... 500.ATM4-0.GW5.IAD5.ALTER.NET [152.63.43.137]
... 192.168.11.9 [192.168.11.9]
misconfigured NAT ???
Ciao
Marcus
--
Windows is not the answer.
Windows is the question and the answer is no.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.
--__--__--
Message: 18
Reply-To: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
To: <lepkie@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] sans.org - OFFTOPIC
Date: Tue, 2 Sep 2003 15:41:24 -0600
In a word: yes. They work fine. Your DNS is buggered. Next time I
suggest
checking a website such as Sam Spade before emailing a list with
thousands
of subscribers for something as ridiculously trivial as this.
Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
----- Original Message -----
From: "lepkie" <lepkie@xxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Tuesday, September 02, 2003 1:29 PM
Subject: [Full-Disclosure] sans.org
> maybe off topic
>
> can anyone resolve www.sans.org or www.incidents.org?
> I tried several name servers and none return an A record.
>
> %> host www.sans.org ns2.berkeley.edu
> %> host www.sans.org ns1.ems.psu.edu
> %> etc ....
>
> all report not found.
>
> Did they forget to pay the reg fee?
>
>
> --
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Promote security and make money with the Hushmail Affiliate Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--__--__--
Message: 19
Subject: RE: [Full-Disclosure] sans.org
Date: Tue, 2 Sep 2003 14:45:09 -0700
From: "Ryan Lowdermilk" <RLowdermilk@xxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEggWNQ29u
dGVudC1UeXBlOiB0ZXh0L3BsYWluOw0KCWNoYXJzZXQ9InVzLWFzY2lpIg0KQ29udGVudC1UcmFu
c2Zlci1FbmNvZGluZzogN2JpdA0KDQpJIGNvdWxkIG5vdCBlYXJsaWVyIC4uLiBJIGFsc28gY2hl
Y2tlZCBzZXZlcmFsIE5TJ3MgYW5kIGNvdWxkIG5vdCByZXNvbHZlLiBJDQpzcGF0IG91dCBhIHdo
b2lzIGFuZCBraW5kYSBpbnRlcmVzdGluZy4uLg0KDQpEb21haW4gSUQ6RDQyMDE4NjgtTFJPUg0K
RG9tYWluIE5hbWU6U0FOUy5PUkcNCkNyZWF0ZWQgT246MDQtQXVnLTE5OTUgMDQ6MDA6MDAgVVRD
DQpMYXN0IFVwZGF0ZWQgT246MDEtU2VwLTIwMDMgMTc6MTc6MDUgVVRDDQpFeHBpcmF0aW9uIERh
dGU6MDMtQXVnLTIwMTAgMDQ6MDA6MDAgVVRDDQoNClNlZW1zIHRoZSBkb21haW4gd2FzIGp1c3Qg
dXBkYXRlZC4uLiA6LyBobW1tbS4uLg0KDQpIb3dldmVyIGFzIE1hcmN1cyBoYXMgc3RhdGVkIC4u
LiBJIGNhbiBub3cgY29ubmVjdC4uLiAgDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpG
cm9tOiBNYXJjdXMgR3JhZiBbbWFpbHRvOm0uZ3JhZkBmaXJtZW53ZWx0LmRlXSANClNlbnQ6IFR1
ZXNkYXksIFNlcHRlbWJlciAwMiwgMjAwMyAyOjEyIFBNDQpUbzogZnVsbC1kaXNjbG9zdXJlQGxp
c3RzLm5ldHN5cy5jb20NClN1YmplY3Q6IFJlOiBbRnVsbC1EaXNjbG9zdXJlXSBzYW5zLm9yZw0K
DQo+IGNhbiBhbnlvbmUgcmVzb2x2ZSB3d3cuc2Fucy5vcmcgb3Igd3d3LmluY2lkZW50cy5vcmc/
DQo+IEkgdHJpZWQgc2V2ZXJhbCBuYW1lIHNlcnZlcnMgYW5kIG5vbmUgcmV0dXJuIGFuIEEgcmVj
b3JkLg0KDQpubyBwcm9ibGVtczogDQp3d3cuc2Fucy5vcmcgPT4gNjUuMTczLjIxOC4xMDYNCnd3
dy5pbmNpZGVudHMub3JnID0+IDYzLjEwMC40Ny40NQ0KDQpidXQgdGhlIHRyYWNlcm91dGUgZnJv
bSBoZXJlIHRvIHd3dy5zYW5zLm9yZyBkaWVzIGF0DQpzbC1lc2NhbC0xLTAtMC5zcHJpbnRsaW5r
Lm5ldCBbMTYwLjgxLjk4LjI2XQ0KDQphbmQgdGhlIHRyYWNlcm91dGUgdG8gd3d3LmluY2lkZW50
cy5vcmcgaXN0IGludGVyZXN0aW5nOg0KDQouLi4NCi4uLiA1MDAuQVRNNC0wLkdXNS5JQUQ1LkFM
VEVSLk5FVCBbMTUyLjYzLjQzLjEzN10gLi4uIDE5Mi4xNjguMTEuOQ0KWzE5Mi4xNjguMTEuOV0N
Cg0KbWlzY29uZmlndXJlZCBOQVQgPz8/DQoNCkNpYW8NCiAgTWFyY3VzDQoNCi0tDQpXaW5kb3dz
IGlzIG5vdCB0aGUgYW5zd2VyLg0KV2luZG93cyBpcyB0aGUgcXVlc3Rpb24gYW5kIHRoZSBhbnN3
ZXIgaXMgbm8uDQoNCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX18NCkZ1bGwtRGlzY2xvc3VyZSAtIFdlIGJlbGlldmUgaW4gaXQuDQpDaGFydGVyOiBodHRw
Oi8vbGlzdHMubmV0c3lzLmNvbS9mdWxsLWRpc2Nsb3N1cmUtY2hhcnRlci5odG1sDQoAAAAAAACg
ggo4MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYT
AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp
bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5
NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xl
bgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txH
kSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQBMP7iL
xmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZoEWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3
xSnxgiJduLHdgSOjeyUVRjB5FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/
OJ0ANACY89FxlDCCA2IwggLLoAMCAQICEAvaCxfBP4mOqwl0erTOLjMwDQYJKoZIhvcNAQECBQAw
XzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4MDUxMjAwMDAwMFoX
DTA4MDUxMjIzNTk1OVowgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp
U2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkv
UlBBIEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFz
cyAxIENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBALtaRIoEFrtV/QN6ii2UTxV4NrgNSrJvnFS/vOh3Kp258Gi7
ldkxQXB6gUu5SBNWLccI4YRCq8CikqtEXKpC8IIOAukv+8I7u77JJwpdtrA2QjO1blSIT4dKvxna
+RXoD4e2HOPMxpqOf2okkuP84GW6p7F+78nbN2rISsgJBuSZAgMBAAGjgbAwga0wDwYDVR0TBAgw
BgEB/wIBADBHBgNVHSAEQDA+MDwGC2CGSAGG+EUBBwEBMC0wKwYIKwYBBQUHAgEWH3d3dy52ZXJp
c2lnbi5jb20vcmVwb3NpdG9yeS9SUEEwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJp
c2lnbi5jb20vcGNhMS5jcmwwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBBjANBgkqhkiG
9w0BAQIFAAOBgQACfZ5vRUs4oLje6VNkIbzkTCuPHv6SQKzYCjlqoTIhLAebq1n+0mIafVU4sDdz
3PQHZmNiveFTcFKH56jYUulbLarh3s+sMVTUixnI2COo7wQrMn0sGBzIfImoLnfyRNFlCk10te7T
G5JzdC6JOzUTcudAMZrTssSr51a+i+P7FTCCBI0wggP2oAMCAQICEHlXJMTx7XHrQSACxwZ9sZQw
DQYJKoZIhvcNAQEEBQAwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp
U2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkv
UlBBIEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFz
cyAxIENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwHhcNMDMw
NzI4MDAwMDAwWhcNMDQwNzI4MjM1OTU5WjCCARsxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29t
L3JlcG9zaXRvcnkvUlBBIEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk4MR4wHAYDVQQLExVQ
ZXJzb25hIE5vdCBWYWxpZGF0ZWQxNDAyBgNVBAsTK0RpZ2l0YWwgSUQgQ2xhc3MgMSAtIE1pY3Jv
c29mdCBGdWxsIFNlcnZpY2UxGjAYBgNVBAMUEVJ5YW4gUCBMb3dkZXJtaWxrMSUwIwYJKoZIhvcN
AQkBFhZybG93ZGVybWlsa0BpdGd1c2EuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6
2y2/+ZAK/W2B4GQpkDjD2U/0AAgbaT24rqlrzEzrdE2oJLXfJ1zCvry5V26MgU6ByZJ2a7gyYArc
9pJc9EFr9jrKup7WH6wTIcLaXjEW1qgUPGs+XwLj0c5HNT+vJYDvtu0c8w9+vr/Pp5Bqp0tqb+d4
x80o6loABHJUbp99twIDAQABo4IBHDCCARgwCQYDVR0TBAIwADCBrAYDVR0gBIGkMIGhMIGeBgtg
hkgBhvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBi
BggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BTIGluY29y
cC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wEQYJYIZIAYb4QgEBBAQD
AgeAMBQGCmCGSAGG+EUBBgcEBhYETm9uZTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnZl
cmlzaWduLmNvbS9jbGFzczEuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAB63FMqrX+UOkm559D/XGOz0
mVmdZGb5ym3YITEyDLGgwUUajIvFMVnLvZu8ILnqiOwf7wiU4yERo2vS39B5AOlumuJ6HgFYYmjN
/GQpWp09xR8+QMZiKUaWXdu88SW5d3Fz8uJkhrIc2K4QX/zYgWWz69qGf2LajXfYm7ykQWmEMYIE
PjCCBDoCAQEwgeEwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
biBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBB
IEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAx
IENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQCEHlXJMTx7XHr
QSACxwZ9sZQwCQYFKw4DAhoFAKCCArIwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
9w0BCQUxDxcNMDMwOTAyMjE0NDMzWjAjBgkqhkiG9w0BCQQxFgQUKBYD+fLlnq7ewakqFjVviG4C
GGcwZwYJKoZIhvcNAQkPMVowWDAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYFKw4DAhowCgYIKoZIhvcNAgUwgfIGCSsG
AQQBgjcQBDGB5DCB4TCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
aWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9S
UEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNz
IDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZAIQeVckxPHt
cetBIALHBn2xlDCB9AYLKoZIhvcNAQkQAgsxgeSggeEwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJ
bmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNp
Z24uY29tL3JlcG9zaXRvcnkvUlBBIEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYD
VQQDEz9WZXJpU2lnbiBDbGFzcyAxIENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5v
dCBWYWxpZGF0ZWQCEHlXJMTx7XHrQSACxwZ9sZQwDQYJKoZIhvcNAQEBBQAEgYAwumbCKYKEmMU4
Kl8PRzR9xHpiTKW38OV9cQTDKFrIjhB+YExB2aH1PBKknEt7VeshhvtV3G+aidJw4oFBUQaSTn9i
jkNMilsFApJqdt/jQ+ETCTZjlriXYq87ZLMmY5T13HlUUELrPugh/Tx7MvRjwtaTlXv4qZm+sxQq
PQfLVwAAAAAAAA==
--__--__--
Message: 20
Date: Tue, 02 Sep 2003 23:45:10 +0200
To: lepkie@xxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
From: B3r3n <B3r3n@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] sans.org
From France, sans.org resolves ok but not www.incidents.org
# dig www.incidents.org
; <<>> DiG 8.3 <<>> www.incidents.org
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; www.incidents.org, type = A, class = IN
;; AUTHORITY SECTION:
org. 2h58m24s IN SOA A7.NSTLD.COM.
DOMADMIN.ULTRADNS.NET. (
2003168420 ; serial
30M ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; Total query time: 2 msec
;; WHEN: Tue Sep 2 23:44:07 2003
;; MSG SIZE sent: 35 rcvd: 104
--__--__--
Message: 21
From: "Bernie, CTA" <cta@xxxxxxxxx>
Organization: HCSIN
To: full-disclosure@xxxxxxxxxxxxxxxx
Date: Tue, 02 Sep 2003 17:46:50 -0400
Subject: Re: [Full-Disclosure] sans.org
Reply-to: cta@xxxxxxxxx
CC: "lepkie" <lepkie@xxxxxxxxxxxx>
nslookup say:
NS1.HOMEPC.ORG is authoritative for
sans.org and incidents.org
Server: NS1.HOMEPC.ORG
Address: 66.129.1.102#53
Name: www.sans.org
Address: 65.173.218.106
and
Server: NS1.HOMEPC.ORG
Address: 66.129.1.102#53
www.incidents.org canonical name = incidents.org.
Name: incidents.org
Address: 63.100.47.45
I can get to their webs by IP and http://isc.incidents.org/, so
maybe someone infected the root servers, www CNAMEs?
On 2 Sep 2003 at 12:29, lepkie wrote:
> maybe off topic
>
> can anyone resolve www.sans.org or www.incidents.org?
> I tried several name servers and none return an A record.
>
> %> host www.sans.org ns2.berkeley.edu
> %> host www.sans.org ns1.ems.psu.edu
> %> etc ....
>
> all report not found.
>
> Did they forget to pay the reg fee?
>
>
> --
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Promote security and make money with the Hushmail Affiliate
> Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta@xxxxxxxxx
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
--__--__--
Message: 22
From: Joshua Thomas <JThomas@xxxxxxxxxxxxxxxxx>
To: "'lepkie@xxxxxxxxxxxx'" <lepkie@xxxxxxxxxxxx>,
full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] sans.org
Date: Tue, 2 Sep 2003 17:52:18 -0400
This message is in MIME format. Since your mail reader does not
understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C3719C.7AA18B30
Content-Type: text/plain;
charset="iso-8859-1"
Not I, either. Nor a number of other people I've asked.
Someone can resolve it to 65.173.218.106, which does appear to be the
SANS
portal site.
Big DNS mistake? Hack? Didn't pay the bill? We'll find out eventually.
Joshua Thomas
Network Operations Engineer
PowerOne Media, Inc.
tel: 518-687-6143
jthomas@xxxxxxxxxxxxxxxxx
-----Original Message-----
From: lepkie [mailto:lepkie@xxxxxxxxxxxx]
Sent: Tuesday, September 02, 2003 3:30 PM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] sans.org
maybe off topic
can anyone resolve www.sans.org or www.incidents.org?
I tried several name servers and none return an A record.
%> host www.sans.org ns2.berkeley.edu
%> host www.sans.org ns1.ems.psu.edu
%> etc ....
all report not found.
Did they forget to pay the reg fee?
--
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
------_=_NextPart_001_01C3719C.7AA18B30
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: [Full-Disclosure] sans.org</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>Not I, either. Nor a number of other people I've =
asked.</FONT>
</P>
<P><FONT SIZE=3D2>Someone can resolve it to 65.173.218.106, which does =
appear to be the SANS portal site.</FONT>
</P>
<P><FONT SIZE=3D2>Big DNS mistake? Hack? Didn't pay the bill? We'll =
find out eventually.</FONT>
</P>
<P><FONT SIZE=3D2>Joshua Thomas</FONT>
<BR><FONT SIZE=3D2>Network Operations Engineer</FONT>
<BR><FONT SIZE=3D2>PowerOne Media, Inc.</FONT>
<BR><FONT SIZE=3D2>tel: 518-687-6143</FONT>
<BR><FONT SIZE=3D2>jthomas@xxxxxxxxxxxxxxxxx </FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: lepkie [<A =
HREF=3D"mailto:lepkie@xxxxxxxxxxxx";>mailto:lepkie@xxxxxxxxxxxx</A>]</FON=
T>
<BR><FONT SIZE=3D2>Sent: Tuesday, September 02, 2003 3:30 PM</FONT>
<BR><FONT SIZE=3D2>To: full-disclosure@xxxxxxxxxxxxxxxx</FONT>
<BR><FONT SIZE=3D2>Subject: [Full-Disclosure] sans.org</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>maybe off topic</FONT>
</P>
<P><FONT SIZE=3D2>can anyone resolve www.sans.org or =
www.incidents.org?</FONT>
<BR><FONT SIZE=3D2>I tried several name servers and none return an A =
record.</FONT>
</P>
<P><FONT SIZE=3D2>%> host www.sans.org ns2.berkeley.edu</FONT>
<BR><FONT SIZE=3D2>%> host www.sans.org ns1.ems.psu.edu</FONT>
<BR><FONT SIZE=3D2>%> etc ....</FONT>
</P>
<P><FONT SIZE=3D2>all report not found.</FONT>
</P>
<P><FONT SIZE=3D2>Did they forget to pay the reg fee?</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>--</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=3D2>Concerned about your privacy? Follow this link to =
get</FONT>
<BR><FONT SIZE=3D2>FREE encrypted email: <A =
HREF=3D"https://www.hushmail.com/?l=3D2"; =
TARGET=3D"_blank">https://www.hushmail.com/?l=3D2</A></FONT>
</P>
<P><FONT SIZE=3D2>Free, ultra-private instant messaging with Hush =
Messenger</FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"https://www.hushmail.com/services.php?subloc=3Dmessenger&l=3D434=
" =
TARGET=3D"_blank">https://www.hushmail.com/services.php?subloc=3Dmesseng=
er&l=3D434</A></FONT>
</P>
<P><FONT SIZE=3D2>Promote security and make money with the Hushmail =
Affiliate Program: </FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"https://www.hushmail.com/about.php?subloc=3Daffiliate&l=3D427"; =
TARGET=3D"_blank">https://www.hushmail.com/about.php?subloc=3Daffiliate&=
l=3D427</A></FONT>
</P>
<P><FONT =
SIZE=3D2>_______________________________________________</FONT>
<BR><FONT SIZE=3D2>Full-Disclosure - We believe in it.</FONT>
<BR><FONT SIZE=3D2>Charter: <A =
HREF=3D"http://lists.netsys.com/full-disclosure-charter.html"; =
TARGET=3D"_blank">http://lists.netsys.com/full-disclosure-charter.html</=
A></FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C3719C.7AA18B30--
--__--__--
Message: 23
Date: Tue, 2 Sep 2003 15:16:34 -0600
From: "Ben Nelson" <lists@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] sans.org
To: lepkie@xxxxxxxxxxxx
Cc: full-disclosure@xxxxxxxxxxxxxxxx
I have 3 geographically dispersed data centers and 2 of the 3 can look
up
those names successfully. The one that can not look them up can not
look
up www.giac.org either.
On September 2, 1:29 pm "lepkie" <lepkie@xxxxxxxxxxxx> wrote:
> maybe off topic
>
> can anyone resolve www.sans.org or www.incidents.org?
> I tried several name servers and none return an A record.
>
> %> host www.sans.org ns2.berkeley.edu
> %> host www.sans.org ns1.ems.psu.edu
> %> etc ....
>
> all report not found.
>
> Did they forget to pay the reg fee?
>
>
> --
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Promote security and make money with the Hushmail Affiliate Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--__--__--
Message: 24
From: "NDG" <nom.de.guerre@xxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] sans.org
Date: Tue, 2 Sep 2003 16:43:45 -0500
Ya know - I've been meaning to post this all day
Marq@securitynewsportal said he was getting there intermittently this
morning
So - I figured it was just a matter of time before I could get there
from
here
maybe off topic
can anyone resolve www.sans.org or www.incidents.org?
I tried several name servers and none return an A record.
%> host www.sans.org ns2.berkeley.edu
%> host www.sans.org ns1.ems.psu.edu
%> etc ....
all report not found.
Did they forget to pay the reg fee?
--
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 25
Reply-To: "- o s g o -" <osgo@xxxxxxxxxxx>
From: "- o s g o -" <osgo@xxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Date: Tue, 2 Sep 2003 14:37:19 -0700
Subject: [Full-Disclosure] Re: atari800 (200309-07)
I think it's wonderful that in today's world, whenever we want to play:
"Pong" or "Claim Jumper," circa 1982, there's always someone out of the
last
5 remaining earth-bound gamers warning us about a BO, r00ting the box
and
possibly turning the Atari800 emulator into an Intellivision.® Or
worse.
I'm deeply encouraged that the last of the "Great Five Players" can
safely
continue their gaming experience. Just don't mess with "Pole
Position...."
That's where I draw the line, OK?
Warmest personal regards,
-osgo
> PACKAGE : atari800
> SUMMARY : buffer overflow
> DATE : 2003-09-02 14:03 UTC
> EXPLOIT : local
> VERSIONS AFFECTED : <atari800-1.3.0-r1
> FIXED VERSION : >=atari800-1.3.0-r1
> CVE : CAN-2003-0630
>
> - - -
--------------------------------------------------------------------
-
>
> atar800 contains a buffer overflow which could be used by an attacker
> to gain root privileges. Altough the atari800 package in Gentoo does
not
> install any files suid root we encourage our users to upgrade.
--__--__--
Message: 26
From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
To: <cta@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Cc: "'lepkie'" <lepkie@xxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] sans.org
Date: Tue, 2 Sep 2003 18:38:03 -0400
Did someone at Register.com get conned to switch the name servers for
SANS to homepc.org? SANS has their domain name registeration with
Register.com:
Technical Contact:
Register.Com
Domain Registrar
575 8th Avenue
New York, NY 10018
US
Phone: 902-749-2701
Fax..: 902-749-5429
Email: domain-registrar@xxxxxxxxxxxx
Richard
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Bernie, CTA
Sent: Tuesday, September 02, 2003 5:47 PM
To: full-disclosure@xxxxxxxxxxxxxxxx
Cc: lepkie
Subject: Re: [Full-Disclosure] sans.org
nslookup say:
NS1.HOMEPC.ORG is authoritative for
sans.org and incidents.org
Server: NS1.HOMEPC.ORG
Address: 66.129.1.102#53
Name: www.sans.org
Address: 65.173.218.106
and
Server: NS1.HOMEPC.ORG
Address: 66.129.1.102#53
www.incidents.org canonical name = incidents.org.
Name: incidents.org
Address: 63.100.47.45
I can get to their webs by IP and http://isc.incidents.org/, so
maybe someone infected the root servers, www CNAMEs?
On 2 Sep 2003 at 12:29, lepkie wrote:
> maybe off topic
>
> can anyone resolve www.sans.org or www.incidents.org?
> I tried several name servers and none return an A record.
>
> %> host www.sans.org ns2.berkeley.edu
> %> host www.sans.org ns1.ems.psu.edu
> %> etc ....
>
> all report not found.
>
> Did they forget to pay the reg fee?
>
>
> --
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Promote security and make money with the Hushmail Affiliate
> Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta@xxxxxxxxx
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 27
From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
To: <cta@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Cc: "'lepkie'" <lepkie@xxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Email for sans.org?
Date: Tue, 2 Sep 2003 18:42:06 -0400
Any idea who is receiving email messages being sent to sans.org?
Richard
#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################
--__--__--
Message: 28
From: "james" <hackerwacker@xxxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] sans.org
Date: Tue, 2 Sep 2003 17:03:49 -0600
gtld's can't seem to point an NS to these domains:
[root@mrtg mrtg]# nslookup
> server k.gtld-servers.net
Default server: k.gtld-servers.net
Address: 192.52.178.30#53
> set querytype=NS
> sans.org
Server: k.gtld-servers.net
Address: 192.52.178.30#53
Non-authoritative answer:
*** Can't find sans.org: No answer
Authoritative answers can be found from:
. nameserver = i.root-servers.net.
. nameserver = d.root-servers.net.
. nameserver = c.root-servers.net.
. nameserver = k.root-servers.net.
. nameserver = f.root-servers.net.
. nameserver = m.root-servers.net.
. nameserver = h.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = j.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = g.root-servers.net.
i.root-servers.net internet address = 192.36.148.17
d.root-servers.net internet address = 128.8.10.90
c.root-servers.net internet address = 192.33.4.12
k.root-servers.net internet address = 193.0.14.129
f.root-servers.net internet address = 192.5.5.241
m.root-servers.net internet address = 202.12.27.33
h.root-servers.net internet address = 128.63.2.53
b.root-servers.net internet address = 128.9.0.107
j.root-servers.net internet address = 192.58.128.30
e.root-servers.net internet address = 192.203.230.10
l.root-servers.net internet address = 198.32.64.12
a.root-servers.net internet address = 198.41.0.4
g.root-servers.net internet address = 192.112.36.4
> www.incidents.org
Server: k.gtld-servers.net
Address: 192.52.178.30#53
Non-authoritative answer:
*** Can't find www.incidents.org: No answer
Authoritative answers can be found from:
. nameserver = m.root-servers.net.
. nameserver = h.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = j.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = g.root-servers.net.
. nameserver = i.root-servers.net.
. nameserver = d.root-servers.net.
. nameserver = c.root-servers.net.
. nameserver = k.root-servers.net.
. nameserver = f.root-servers.net.
m.root-servers.net internet address = 202.12.27.33
h.root-servers.net internet address = 128.63.2.53
b.root-servers.net internet address = 128.9.0.107
j.root-servers.net internet address = 192.58.128.30
e.root-servers.net internet address = 192.203.230.10
l.root-servers.net internet address = 198.32.64.12
a.root-servers.net internet address = 198.41.0.4
g.root-servers.net internet address = 192.112.36.4
i.root-servers.net internet address = 192.36.148.17
d.root-servers.net internet address = 128.8.10.90
c.root-servers.net internet address = 192.33.4.12
k.root-servers.net internet address = 193.0.14.129
f.root-servers.net internet address = 192.5.5.241
> incidents.org
Server: k.gtld-servers.net
Address: 192.52.178.30#53
Non-authoritative answer:
*** Can't find incidents.org: No answer
Authoritative answers can be found from:
. nameserver = c.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = k.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = g.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = f.root-servers.net.
. nameserver = m.root-servers.net.
. nameserver = h.root-servers.net.
. nameserver = j.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = i.root-servers.net.
. nameserver = d.root-servers.net.
c.root-servers.net internet address = 192.33.4.12
a.root-servers.net internet address = 198.41.0.4
k.root-servers.net internet address = 193.0.14.129
b.root-servers.net internet address = 128.9.0.107
g.root-servers.net internet address = 192.112.36.4
e.root-servers.net internet address = 192.203.230.10
f.root-servers.net internet address = 192.5.5.241
m.root-servers.net internet address = 202.12.27.33
h.root-servers.net internet address = 128.63.2.53
j.root-servers.net internet address = 192.58.128.30
l.root-servers.net internet address = 198.32.64.12
i.root-servers.net internet address = 192.36.148.17
d.root-servers.net internet address = 128.8.10.90
>
--__--__--
Message: 29
From: David Vincent <david.vincent@xxxxxxxxxxxxxx>
To: "'Full-Disclosure (E-mail)" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] sans.org - OFFTOPIC
Date: Tue, 2 Sep 2003 16:21:50 -0700
> > ----- Original Message -----
> > From: "lepkie" <lepkie@xxxxxxxxxxxx>
> > To: <full-disclosure@xxxxxxxxxxxxxxxx>
> > Sent: Tuesday, September 02, 2003 1:29 PM
> > Subject: [Full-Disclosure] sans.org
> >
> > maybe off topic
> >
> > can anyone resolve www.sans.org or www.incidents.org?
> > I tried several name servers and none return an A record.
> >
> > %> host www.sans.org ns2.berkeley.edu
> > %> host www.sans.org ns1.ems.psu.edu
> > %> etc ....
> >
> > all report not found.
> >
> > Did they forget to pay the reg fee?
> -----Original Message-----
> From: Kurt Seifried [mailto:listuser@xxxxxxxxxxxx]
> Sent: September 2, 2003 2:41 PM
> To: lepkie@xxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] sans.org - OFFTOPIC
>
> In a word: yes. They work fine. Your DNS is buggered. Next
> time I suggest
> checking a website such as Sam Spade before emailing a list
> with thousands
> of subscribers for something as ridiculously trivial as this.
>
>
> Kurt Seifried, kurt@xxxxxxxxxxxx
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
kurt, STFU.
some people may not have the same level of knowledge about
troubleshooting
issues like this. they will ask questions you and i may be able to
answer
easily. despite what you feel, they do have a right to read and post to
these lists (at least, it is outside your purview).
hell, sometimes even "the experts" don't have time to check out a little
thing and will ask for help too.
because it is trivial to you does not mean it is trivial to someone
else.
your trolling/flaming is useless. it only shows you are not someone
who is
willing to help out, that you are someone it would be a waste of time
talking to, and that you, in a word, suck.
keep it to yourself. if you think a post is useless, delete it. don't
bitch about it. take some initiative.
did you have too much coffee today and get all jittery? or are you
quitting
smoking and are an extra bitch to bear today? <-- those are rhetorical
in
case you weren't sure.
-d
--__--__--
Message: 30
From: Andre Ludwig <ALudwig@xxxxxxxxxxxxxxx>
To:
Cc: full-disclosure@xxxxxxxxxxxxxxxx
Date: Tue, 2 Sep 2003 16:32:47 -0700
Subject: [Full-Disclosure] The Worm tard who got busted
You guys are amazing sometimes, it looks like a few of you have in fact
done
some googling and some detective work. Others are simply content on
sitting
on the sidelines and spewing only moderately informative opinions around
like they are going out of style.
If the topic of what this kid did and how stupid he was interests you go
ahead and do some more detective work. The kid left one helluva trail
on the
net with SEVERAL postings on trojanforge.net (which has been offline
since
Friday). What was he posting about? Normal script kiddie things like
y0
d00dz ch3ck 0utz my l33t st4sh 0f spl01tz 4nd tr0j4nZ. Not to mention
asking about several small footprint irc based RAT's. So 1+1=2, and
in my
book the kid is simply an amateur crook who should get the book thrown
at
him. He would gain some respect from me if he had more skill, but im
not a
bleeding heart, you do the crime u do the time. Granted i am not one
to
judge but if i was in the jury there wouldn't be much of a doubt in my
mind
as to who was behind things.
Wow he even looks to have defaced a site or two.. (look at the title of
the
window that loads)
http://216.239.37.104/search?q=cache:t12Nd707VCkJ:www.satanosphere.com/+teek
id&hl=en&ie=UTF-8
Teekids Thoughts on VB6 vs .NET
http://216.239.53.104/search?q=cache:oY-N3GP1w4cJ:www.trojanforge.net/showth
read.php%3Fthreadid%3D1715++site:www.trojanforge.net+teekid+trojanforge&hl=e
n&ie=UTF-8
Teekid Hiting the wrong button (new thread instead of reply)
http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showth
read.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=e
n&ie=UTF-8
Teekid Asking for a small footprint IRC boot with UDP features.
http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showth
read.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=e
n&ie=UTF-8
Teekid Pimping his m4d l33t w4r3z.. (his trojan archive)
http://216.239.53.104/search?q=cache:RFRMkPANScMJ:www.trojanforge.net/showth
read/t-36.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
Teekid shopping for a RAT
http://216.239.53.104/search?q=cache:oSgqX5TAsQMJ:www.trojanforge.net/showth
read/t-6016.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
Teekid pimping his IRCBOTS site.
http://216.239.53.104/search?q=cache:SUybKHSk8ncJ:www.trojanforge.net/showth
read/t-2693.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
Teekid coming to the aid of a fellow RAT developer (what a nice guy)
http://216.239.37.104/search?q=cache:39FRhHqYu7cJ:www.trojanforge.net/showth
read/t-5143.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
All this was taken from only one site, if u want u can even find his
flipping CS scores on several servers. He wasn't to bad of a shot with
a
M4.
And for fun
http://asmallvictory.net/archives/jabbahack.jpg
Are all virus coders so stunning and athletic looking?
http://us.news1.yimg.com/us.yimg.com/p/rids/20030829/i/1062184970.2617294885
.jpg
Wow ever since the rash of articles about our favorite coder of the
week it
is allot harder to find some of the stuff that i found on fri and sat.
Sorry
for the rant of sorts just sort of irked me that after reading 100 or so
emails about the kid no one even bothered to bring up any sort of
evidence
that could have been gleamed ( thank god for goggle cache). I would have
posted more threads by the perp but the site is down, and while im sure
with
some more time and searching i could dig up irc chat logs, and other
such
info i unfortunately have a job to do (even though i hate it).
Andre Ludwig, CISSP
--__--__--
Message: 31
Reply-To: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
To: "james" <hackerwacker@xxxxxxxxxxxxx>,
<full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] sans.org
Date: Tue, 2 Sep 2003 18:12:11 -0600
>gtld's can't seem to point an NS to these domains:
>
>[root@mrtg mrtg]# nslookup
>> server k.gtld-servers.net
>Default server: k.gtld-servers.net
>Address: 192.52.178.30#53
>> set querytype=NS
>> sans.org
>Server: k.gtld-servers.net
>Address: 192.52.178.30#53
>
>Non-authoritative answer:
>*** Can't find sans.org: No answer
This is ... rather normal. .org is served by *.NSTLD.COM now. .net and
.com
are still served by *.gtld-servers.net.
It looks like register.com either hosed their database, or hosed records
while trying to update various records (at the request of the owners or
someone else, who knows).
A variety of domains appear affected, sans.org, dhsield.org,
incidents.org,
homepc.org, etc. All .org, all related and sharing infrastructure
aooerently.
Right now I'm inclined towards Occam's razor, this is a technical screw
up/"normal" DNS modification and not something "evil".
Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
--__--__--
Message: 32
Date: Tue, 2 Sep 2003 17:37:31 -0700
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
To: nonleft@xxxxxxx
Cc: zobel@xxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer
mshtml.dll Denial of Service?
This is helpful. In addition, thanks to a file format breakdown by
Caraciola I was able to more reliably crash my IE. By taking the last
data block in the file and extending it by a few hundred bytes, I think
I have found that an overflow exists. I have begun debugging it, but I
don't have a lot of good windows tools available to me, so someone else
should give it a shot (and post to the list).
The file I created, based on the original:
00000000 47 49 46 38 39 61 01 00 01 00 80 00 GIF89a......
0000000C 00 FF FF FF 00 00 00 21 F9 04 01 00 .......!....
00000018 00 00 00 2C 00 00 00 00 01 00 01 00 ...,........
00000024 00 00 01 41 41 41 41 41 41 41 41 41 ...AAAAAAAAA
00000030 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
0000003C 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000048 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000054 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000060 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
0000006C 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000078 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000084 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000090 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
0000009C 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000A8 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000B4 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000C0 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000CC 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000D8 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000E4 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000F0 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000000FC 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000108 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000114 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000120 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
0000012C 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000138 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000144 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000150 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
0000015C 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000168 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000174 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000180 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
0000018C 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
00000198 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAA
000001A4 41 41 41 41 41 41 41 41 41 41 00 3B AAAAAAAAAA.;
It appears the subroutine that parses the gif image allocates a buffer
of length based on the size indicated in the data block. Then it
proceeds to read the data block, looking for a 0x00 (or some other
end-of-block identifier) to quit. It doesn't limit itself to the block
size when copying data from the file.
I have not been able to determine whether this is a heap or stack
overflow.
However, after some fiddling, I have found this problem also affects
explorer.exe. Copy the file to a folder in windows, and turning
on your image preview pane (web content pane, whatever that rubbish is
on the left side) while viewing that directory. Then click on the file,
and when the preview pane tries to render the image, sometimes it
crashes.
Since a seperate thread of execution does the parsing, race conditions
are probably what is making the crashes inconsistent.
Anyone else have more to offer?
tim
On Tue, Sep 02, 2003 at 05:38:43PM +0200, nonleft@xxxxxxx wrote:
> crashes on my side as well
>
> win XP no packets in place.
> so I run my debugger: (sorry german)
>
> Der Thread 'Win32 Thread' (0x818) hat mit Code 0 (0x0) geendet.
> Unbehandelte Ausnahme bei 0x00000005 in : 0xC0000005:
> Zugriffsverletzung-Leseposition 0x00000005.
> Eine Ausnahme (erste Chance) bei 0x00000005 in : 0xC0000005:
> Zugriffsverletzung-Leseposition 0x00000005.
> Unbehandelte Ausnahme bei 0x00000005 in : 0xC0000005:
> Zugriffsverletzung-Leseposition 0x00000005.
>
> well it tries to do a read function in the memory, were it has not
business
> to do :-)
> and this causes the system failure and the program has to be restarted
>
> 7FFE02FC add byte ptr [eax],al
> 7FFE02FE add byte ptr [eax],al
> 7FFE0300 mov edx,esp
> 7FFE0302 sysenter
> 7FFE0304 ret
> 7FFE0305 pushfd
> 7FFE0306 or dword ptr [esp],100h
> 7FFE030D popfd
> 7FFE030E ret <---- here comes the downfall :-)
> 7FFE030F mov edx,esp
> 7FFE0311 syscall
> 7FFE0313 ret
> 7FFE0314 nop
> 7FFE0315 pushfd
> 7FFE0316 or dword ptr [esp],100h
>
> so it comes from:
>
> 7ffe0304()
> ntdll.dll!77f6f4af()
> ntdll.dll!77f6e265()
> mshtml.dll!74877f58()
> > mshtml.dll!74877576()
> that was it on my machine.....
>
> reproduced it twice.
> but i could not see what this behavior evoked in the html code?!?!
> first i thought could have something to do with the embedded scripts,
but
> doesn't seem so....
>
> btw not using Outlook (and i could not see why this should have
something to
> do with it)
>
>
> mfg/kind regards
>
> nonleft
> At 13:53 02.09.2003 +0200, you wrote:
>
> Hi,
>
> > No, I am very sure that this happens also, if you follow the link
inside
> > a web page only (without an involving mail client).
>
> > So go to http://www.counterpane.com/crypto-gram.html , scroll down
and
> > click the link that says "Holger Hasselbach has translated several
> > issues of Crypto-Gram into German [...]". The error occurs as
described
> > in my original posting.
>
>
> well i tried
>
> windows 2003 server no updates
>
> first time i clicked it page closed after 5 seconds
>
> second time nothing happened
>
> third time it closed after 5 seconds
>
> well 4th time nothing happened
>
> 5th time closed again
>
> eaach time i spawned a new ie-window with the link and then followed
> the one in the bottom
>
> mfg
>
> Michel Zobel
> Software Entwicklung
> hnw health network GmbH i.G.
>
> --
> COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test
> --------------------------------------------------
> 1. GMX TopMail - Platz 1 und Testsieger!
> 2. GMX ProMail - Platz 2 und Preis-Qualit?tssieger!
> 3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8.
e-Post
> HTTP/1.1 200 OK
> Date: Tue, 02 Sep 2003 15:21:25 GMT
> Server: Apache
> Last-Modified: Thu, 28 Aug 2003 19:52:06 GMT
> ETag: "2dc9a-9cb7-3f4e5d66"
> Accept-Ranges: bytes
> Content-Length: 40119
> Connection: close
> Content-Type: text/html
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>
> <html>
>
> <head>
>
> <title>Counterpane: Crypto-Gram</title>
>
> <link rel="STYLESHEET" type="text/css" href="cp.css">
>
> <script></script>
> <script src="scripts/cp-5.js"></script>
>
> <script>
>
> var nameMenus = new Array('menuCompany', 'menuServices',
'menuCustomers', 'menuNews', 'menuLibrary', 'menuSite', 'menuContact');
> var menuImgNames = new Array();
> menuImgNames['menuCompany'] = 'nav_4_company';
> menuImgNames['menuServices'] = 'nav_4_services';
> menuImgNames['menuCustomers'] = 'nav_5_customers';
> menuImgNames['menuNews'] = 'nav_new_news';
> menuImgNames['menuLibrary'] = 'nav_new_library';
> menuImgNames['menuSite'] = 'nav_new_site';
> menuImgNames['menuContact'] = 'nav_5_contact';
>
> function init(){
>
> loaded = true;
> if (ns4) {
> window.captureEvents(Event.RESIZE);
> window.onresize = netscapeResize;
> document.alinkColor="#666666";
> document.vlinkColor="#666666";
> }
> else if (!ie4 && DOM) {
> document.getElementById("menuCompany").style.display = "";
> document.getElementById("menuServices").style.display = "";
> document.getElementById("menuCustomers").style.display = "";
> document.getElementById("menuNews").style.display = "";
> document.getElementById("menuLibrary").style.display = "";
> document.getElementById("menuSite").style.display = "";
> document.getElementById("menuContact").style.display = "";
> }
>
> returnLayer("menuCompany");
> returnLayer("menuServices");
> returnLayer("menuCustomers");
> returnLayer("menuNews");
> returnLayer("menuLibrary");
> returnLayer("menuSite");
> returnLayer("menuContact");
> }
> </script>
> </head>
>
> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"
onLoad="init()" alink="#666666" vlink="#666666" bgcolor="#FFFFFF"
text="#000000">
>
>
> <!-- top navigation ------------------------------------------>
> <table width="100%" cellspacing="0" cellpadding="0" border="0">
>
> <tr>
>
> <!-- logo ------------------------------------------------>
> <td width="146" bgcolor="#FFFFFF"><a href="index.html"><img
src="images/cplogo.gif" alt="COUNTERPANE LOGO" border="0" width="132"
height="87" hspace="5" vspace="15"></a><br>
> <img src="images/clear.gif" alt="" border="0" width="146"
height="10" vspace=0 hspace=0></td>
>
> <td width="100%" valign="top" align="left" height=70>
>
> <!-- menu bar -->
> <table width="100%" cellspacing="0" cellpadding="0" border="0">
> <tr bgcolor="#001851">
> <script language="JavaScript" type="text/javascript">
> <!--
> document.writeln('<td width="76"><a href="#"
onMouseover="menuOn(\'menuCompany\')"
onMouseout="overChecker(\'menuCompany\')"><img name="nav_4_company"
src="images/nav_4_company.gif" width="76" height="26" border="0"></a></td>');
> document.writeln('<td width="78"><a href="#"
onMouseover="menuOn(\'menuServices\')"
onMouseout="overChecker(\'menuServices\')"><img name="nav_4_services"
src="images/nav_4_services.gif" width="78" height="26" border="0"></a></td>');
> document.writeln('<td width="78"><a href="#"
onMouseover="menuOn(\'menuCustomers\')"
onMouseout="overChecker(\'menuCustomers\')"><img name="nav_5_customers"
src="images/nav_5_customers.gif" width="78" height="26" border="0"></a></td>');
> document.writeln('<td width="78"><a href="#"
onMouseover="menuOn(\'menuNews\')" onMouseout="overChecker(\'menuNews\')"><img
name="nav_new_news" src="images/nav_new_news.gif" width="78" height="26"
border="0"></a></td>');
> document.writeln('<td width="78"><a href="#"
onMouseover="menuOn(\'menuLibrary\')"
onMouseout="overChecker(\'menuLibrary\')"><img name="nav_new_library"
src="images/nav_new_library.gif" width="78" height="26" border="0"></a></td>');
> document.writeln('<td width="78"><a href="#"
onMouseover="menuOn(\'menuSite\')" onMouseout="overChecker(\'menuSite\')"><img
name="nav_new_site" src="images/nav_new_site.gif" width="78" height="26"
border="0"></a></td>');
> document.writeln('<td width="78"><a href="#"
onMouseover="menuOn(\'menuContact\')"
onMouseout="overChecker(\'menuContact\')"><img name="nav_5_contact"
src="images/nav_5_contact.gif" width="78" height="26" border="0"></a></td>');
>
> //-->
> </script>
> <noscript>
> <td width="76"><a href="#"><img alt="" src="images/clear.gif"
width="76" height="26" border="0"></a></td>
> <td width="78"><a href="#"><img alt="" src="images/clear.gif"
width="78" height="26" border="0"></a></td>
> <td width="78"><a href="#"><img alt="" src="images/clear.gif"
width="78" height="26" border="0"></a></td>
> <td width="78"><a href="#"><img alt="" src="images/clear.gif"
width="78" height="26" border="0"></a></td>
> <td width="78"><a href="#"><img alt="" src="images/clear.gif"
width="78" height="26" border="0"></a></td>
> <td width="78"><a href="#"><img alt="" src="images/clear.gif"
width="78" height="26" border="0"></a></td>
> <td width="70"><a href="sitemap.html"><img alt="SITE MAP"
src="images/nav_new_sitemap.gif" width="70" height="26" border="0"></a></td>
> </noscript>
> <td width="70"><img src="images/clear.gif" alt="" width="70"
height="5" border="0"></td>
> <td width="14"><img src="images/clear.gif" alt=""
width="14" height="1"></td>
> <td width="2"><img src="images/clear.gif" alt=""
width="2" height="1"></td>
> <td background="images/angle.gif" width="100%"
bgcolor="#FFFFFF"><img src="images/clear.gif" alt="" width="1" height="1"></td>
> </tr>
>
> <tr height="4" bgcolor="#CCCCCC">
> <td colspan="8"><img src="images/clear.gif" alt=""
width="92" height="4"></td>
> <td width="25"><img src="images/clear.gif" alt=""
width="25" height="4"></td>
> <td><img src="images/clear.gif" alt="" width="1"
height="4"></td>
> <td width="100%" bgcolor="#FFFFFF"
background="images/angle_bottom.gif"><img src="images/clear.gif" alt=""
width="1" height="4"></td>
> </tr>
>
> </table>
> </td>
> </tr>
>
> </table>
>
> <!-- end top navigation -->
>
>
>
> <!---- global table ------------------------->
> <table cellpadding="0" cellspacing="0" border="0" width="558">
>
> <tr>
>
> <!-------------- left column
---------------------------------------------------->
>
> <td valign="top" width="146" bgcolor="#CCCCCC">
>
> <!---- highlights ------------------------->
> <img src="images/topleft_whatsnew.gif" alt="What's New" border="0"
width="146" height="18"><br>
>
> <table cellpadding="0" cellspacing="0" border="0" width="146">
> <tr>
> <td><img src="images/clear.gif" alt="" border="0" width="6"
height="1"></td>
> <td><table cellpadding="0" cellspacing="0" border="0" width="134">
> <tr>
> <td><img src="images/clear.gif" alt="" border="0" width="1"
height="10"></td></tr>
>
> <!--ignore_perlfect_search-->
> <!-- begin highlights -->
>
>
> <tr><td class="leftcol"><a href="pr-20030825.html">Counterpane
Delivers Industry's Most Comprehensive Managed Security Services</a></td></tr>
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
>
> <tr><td class="leftcol"><a href="alerts.html">Security Alerts: Nachi
Worm, New SoBig Variant</a></td></tr>
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
>
> <tr><td class="leftcol"><a href="pr-20030813.html">Paul Stich Assumes
Role of President and CEO</a></td></tr>
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
>
> <tr><td class="leftcol"><a href="pr-20030715.html">Counterpane
Announces Record Second Quarter Results</a></td></tr>
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
>
> <tr><td class="leftcol"><a href="pr-20030625.html">Bruce Schneier
Testifies at Hearing of Homeland Security Subcommittee</a></td></tr>
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
>
> <tr><td class="leftcol"><a href="pr-sclifetime.html">Secure Computing
Magazine Honors Bruce Schneier with Lifetime Achievement Award</a></td></tr>
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
>
> <tr><td class="leftcol"><a href="pr-hs.html">Counterpane Strengthens
Executive Team with the Additions of Doug Howard and Kevin Senator</a></td></tr>
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
>
>
>
>
>
>
>
>
>
>
>
>
>
> <!-- end highlights -->
> <!--/ignore_perlfect_search-->
>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="14"></td></tr>
> </table>
> </td>
> </tr>
> </table>
>
>
>
> <!---- search form ------------------------->
> <table cellpadding="0" cellspacing="0" border="0" width="146">
> <tr><td colspan=2><img src="images/dottedline.gif" alt=""
border="0" width="146" height="1"></td></tr>
> <tr><td colspan=2><img src="images/search_header.gif" alt="Search"
border="0" width=38 height=16 hspace="5"></td></tr>
> <tr><td colspan=2><img src="images/dottedline.gif" alt=""
border="0" width="146" height="1"></td></tr>
> <tr><td colspan=2><img src="images/clear.gif" alt="" border="0"
width="1" height="10"></td></tr>
> <tr valign=middle><form name="searchForm"
action="/search/search.pl"><td align=left class="black-text" valign=top>
> <!-- conditional sizing of search field, based on browser -->
> <script language="JavaScript" type="text/javascript">
> <!--
> if(ns4 && !mac) {document.writeln('<input type="text"
class="black-text" size="8" name="q">');}
> else if (ns4 && mac) {document.writeln('<input type="text"
size="11" class="black-text" name="q" onFocus="scrollTo(0,0)">');}
> else if (ie4 && mac) {document.writeln('<input type="text"
size="15" name="q">');}
> else {document.writeln('<input type="text" size="16"
class="black-text" name="q">');}
> //-->
> </script>
> <noscript><input type="text" size="8" class="black-text"
name="q"></noscript>
>
>
> </td><td><input WIDTH=24 HEIGHT=15 type="image" name="q"
src="images/search_button2.gif" alt="GO" hspace=2
border="0"></td></form></tr></table>
>
>
>
> <!------- end of left column------------------->
> </td>
>
> <!---spacer----><td width="8"><img src="images/clear.gif" alt=""
border="0" width="8" height="1"><br></td>
>
> <!-------------- middle column
------------------------------------------------------->
> <td valign="top" width="404">
> <table cellpadding="0" cellspacing="0" border="0" width="404">
> <tr>
> <td><img src="images/header_crypto.gif" alt="Crypto-Gram
Newsletter" border="0" width=199 height=14></td>
> </tr>
> <tr><td bgcolor="#cccccc"><img src="images/clear.gif" alt=""
border="0" width="404" height="1"></td></tr>
> </table>
> <table cellpadding="0" cellspacing="0" border="0" width="404">
> <tr>
> <td valign="bottom" align="left"> <!---- title
------------------------->
> <table cellpadding="0" cellspacing="0" border="0"
width="403">
> <tr>
> <td width="393" align="left" valign="top">
> <p><img src="images/clear.gif" alt="" border="0"
width="1" height="10"></p>
>
> <table width="393" border="0" cellspacing="0"
cellpadding="4">
>
>
> <TR><TD colspan=2>
> <P class="black-text">Crypto-Gram is a <STRONG>free</STRONG> monthly
e-mail newsletter on computer security and cryptography from
> <a href="schneier.html">Bruce Schneier</a>
> (author of <a href="sandl.html">Secrets and Lies</a> and <a
href="applied.html">Applied Cryptography</a>, inventor of <a
href="blowfish.html">Blowfish</a>
> and <a href="twofish.html">Twofish</a>,
> CTO and founder of <a href="/">Counterpane Internet Security,
Inc.</a>,
> general <a href="pitfalls.html">crypto pundit</a>
> and occasional
> <a href="whycrypto.html">crypto curmudgeon</a>).
>
> <P class="black-text"><STRONG
class="black-bold-text">Subscriptions</STRONG>
> <BR>To subscribe to the list, send e-mail to <a
href="mailto:crypto-gram-subscribe@xxxxxxxxxxxxxxxxx";>our subscription
address</a> from the address you wish to subscribe. You will receive a
confirmation message; reply to that message to finalize your subscription.
>
> <P class="black-text"><a
href="http://www.counterpane.com/unsubform.html";>More details on subscribing
and unsubscribing</a>
>
> <P class="black-text">Our <a href="#privacy">privacy statement</a> is
below.
>
> <P class="black-text"><STRONG class="black-bold-text">Issues</STRONG>
> </TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0308.html">15 Aug 2003</a></TH>
> <TD class="black-text">Beyond Fear, flying on someone else's plane
ticket, hidden text in computer documents</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0307.html">15 Jul 2003</a></TH>
> <TD class="black-text">How to fight, more e-mail filtering idiocy,
Password Safe, crying wolf</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0306.html">15 Jun 2003</a></TH>
> <TD class="black-text">Cyber-terrorism, self-destructing DVDs,
attacking virtual machines, auditable tasers</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0305.html">15 May 2003</a></TH>
> <TD class="black-text">Encryption and wiretapping, receipts, unique
e-mail addresses and spam</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0304.html">15 Apr 2003</a></TH>
> <TD class="black-text">Postal denial-of-service, baseball, NCIC
database accuracy</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0303.html">15 Mar 2003</a></TH>
> <TD class="black-text">Practical Cryptography, SSL flaw, SSL patent
case, woodland ants</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0302.html">15 Feb 2003</a></TH>
> <TD class="black-text">Locks and full disclosure, SQL Slammer,
importance of authentication</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0301.html">15 Jan 2003</a></TH>
> <TD class="black-text">Militaries and cyber-war, cichlid fish, RMAC
authentication mode</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0212.html">15 Dec 2002</a></TH>
> <TD class="black-text">Counterattack, Department of Homeland
Security, Dan Cooper, crime</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0211.html">15 Nov 2002</a></TH>
> <TD class="black-text">New book, Japanese honeybees, choose your own
Doghouse candidate</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0210.html">15 Oct 2002</a></TH>
> <TD class="black-text">National Strategy to Secure Cyberspace, more
on AES cryptanalysis, one-time pads</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0209.html">15 Sep 2002</a></TH>
> <TD class="black-text">Word 97 vulnerability, AES news, Reveal, The
Odyssey</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0208.html">15 Aug 2002</a></TH>
> <TD class="black-text">Palladium and the TCPA, license to hack,
arming airline pilots</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0207.html">15 Jul 2002</a></TH>
> <TD class="black-text">Embedded control systems and security, Perrun
virus</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0206.html">15 Jun 2002</a></TH>
> <TD class="black-text">Fixing intelligence failures, more on secrecy
and security</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0205.html">15 May 2002</a></TH>
> <TD class="black-text">Secrecy, security, and obscurity; fun with
fingerprint readers</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0204.html">15 Apr 2002</a></TH>
> <TD class="black-text">How to think about security, liability and
security, key length</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0203.html">15 Mar 2002</a></TH>
> <TD class="black-text">SNMP, IETF "Responsible Disclosure"
document, Bernstein's factoring paper</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0202.html">15 Feb 2002</a></TH>
> <TD class="black-text">Judging Microsoft, Oracle's
"unbreakable" database</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0201.html">15 Jan 2002</a></TH>
> <TD class="black-text">Windows UPnP vulnerability, Password Safe 2.0,
AGS Encryptions</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0112.html">15 Dec 2001</a></TH>
> <TD class="black-text">National ID cards, judges punish bad security,
fun with vulnerability scanners</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0111.html">15 Nov 2001</a></TH>
> <TD class="black-text">Full disclosure, GOVNET, Password Safe
vulnerability, Windows XP</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0110.html">15 Oct 2001</a></TH>
> <TD class="black-text">Cyberterrorism and cyberhooliganism, war on
terrorism, SSSCA, Nimda, port 80</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0109a.html">30 Sep 2001</a></TH>
> <TD class="black-text">Special issue on the Sep. 11 terrorist attacks
and their aftermath
> <BR><a
href="http://zeusnews.com/index.php3?ar=stampa&cod=838&ar2=stampa&numero=999";>Italian
translation by Paolo Attivissimo</a></TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0109.html">15 Sep 2001</a></TH>
> <TD class="black-text">11 September 2001, NSA's dual counter mode,
Microsoft root certificate program</TD></TR>
> <TR valign=top>
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0108.html">15 Aug 2001</a></TH>
> <TD class="black-text">DMCA, Code Red, copyright protection,
cybercrime treaty</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0107.html">15 Jul 2001</a></TH>
> <TD class="black-text">Phone hacking: the next generation, monitoring
first</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0106.html">15 Jun 2001</a></TH>
> <TD class="black-text">Honeypots and Honeynet, Invicta Networks, DDOS
attacks on grc.com</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0105.html">15 May 2001</a></TH>
> <TD class="black-text">Military history, digital copy prevention,
security standards, safe personal computing</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0104.html">15 Apr 2001</a></TH>
> <TD class="black-text">Advantages of defense, CSI computer crime
survey, fake Microsoft certificates</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0103.html">15 Mar 2001</a></TH>
> <TD class="black-text">The security patch treadmill, insurance, death
of IDS, 802.11 security</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0102.html">15 Feb 2001</a></TH>
> <TD class="black-text">CPRM, an intentional backdoor, e-mail filter
idiocy, air gaps, internet voting</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0101.html">15 Jan 2001</a></TH>
> <TD class="black-text">A cyber UL?, SafeMessage, social engineering,
code signing in Windows</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0012.html">15 Dec 2000</a></TH>
> <TD class="black-text">Voting and technology, digital safe-deposit
boxes, new bank privacy regs</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0011.html">15 Nov 2000</a></TH>
> <TD class="black-text">Digital signatures, SDMI hacking challenge,
Microsoft hack</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0010.html">15 Oct 2000</a></TH>
> <TD class="black-text">Semantic attacks, cybercrime treaty, NSA on
security, AES announced</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0009.html">15 Sep 2000</a></TH>
> <TD class="black-text">Full disclosure, Carnivore, FBI and the
Olympics, Facemail, PGP vulnerability</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0008.html">15 Aug 2000</a></TH>
> <TD class="black-text">Secrets and Lies, "Crime in
Cyberspace" convention, Authentica, Bluetooth</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0007.html">15 Jul 2000</a></TH>
> <TD class="black-text">Full disclosure and the CIA, presidential
password, lockmaking, Unicode</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0006.html">15 Jun 2000</a></TH>
> <TD class="black-text">SOAP, Java and viruses, DES,
Infraworks</TD></TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0005.html">15 May 2000</a></TH>
> <TD class="black-text">Microsoft vs. Slashdot, Cybercrime treaty,
Trusted client software, ILOVEYOU</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0004.html">15 Apr 2000</a></TH>
> <TD class="black-text">AES conference, French banking card hack,
Microsoft Active Setup, UCITA</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0003.html">15 Mar 2000</a></TH>
> <TD class="black-text">Kerberos and Win2K, software burglary tools,
UCITA, software complexity</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0002.html">15 Feb 2000</a></TH>
> <TD class="black-text">Distributed denial-of-service, Chinese crypto
regs, publicizing vulnerabilities</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-0001.html">15 Jan 2000</a></TH>
> <TD class="black-text">Publicity attacks, new encryption regs,
Netscape, block and stream ciphers</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9912.html">15 Dec 1999</a></TH>
> <TD class="black-text">Security as process, ECHELON, export
regulations draft, GSM encryption</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9911.html">15 Nov 1999</a></TH>
> <TD class="black-text">Why computers are insecure, DVD encryption,
Win CE, Elliptic Curves</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9910.html">15 Oct 1999</a></TH>
> <TD class="black-text">Becoming a cryptographer, export rules, AMD,
PKI slogans, key length</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9909.html">15 Sep 1999</a></TH>
> <TD class="black-text">Open source, NSAKEY, CESA, E*Trade, factoring
RSA</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9908.html">15 Aug 1999</a></TH>
> <TD class="black-text">Back Orifice 2000, AES news, HPUX, web-based
encrypted mail</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9907.html">15 Jul 1999</a></TH>
> <TD class="black-text">Future of crypto-hacking, bungled SSL, reader
comments</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9906.html">15 Jun 1999</a></TH>
> <TD class="black-text">E-mail viruses, hacking archives,
international encryption policy</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9905.html">15 May 1999</a></TH>
> <TD class="black-text">Internationalization of cryptography, export
rules, TWINKLE</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9904.html">15 Apr 1999</a></TH>
> <TD class="black-text">The importance of not being different, smart
card threats, attacking certificates with viruses</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9903.html">15 Mar 1999</a></TH>
> <TD class="black-text">Security hole in IE/Outlook and Office, AES
news, RSA-140 factored</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9902.html">15 Feb 1999</a></TH>
> <TD class="black-text">Snake oil, NSA and crypto export, WinXFiles,
back doors, Intel's processor ID</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9901.html">15 Jan 1999</a></TH>
> <TD class="black-text">1998 year-in-review, clueless agents,
Cayley-Purser</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9812.html">15 Dec 1998</a></TH>
> <TD class="black-text">Cracking contests, recognizing plaintext, zip
disks, Commerce Dept. committee</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9811.html">15 Nov 1998</a></TH>
> <TD class="black-text">Electronic commerce, micro locks, copy
protection, more on steganography</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9810.html">15 Oct 1998</a></TH>
> <TD class="black-text">Steganography, TriStrata, Rapid Remote, memo
to amateur cipher designers</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9809.html">15 Sep 1998</a></TH>
> <TD class="black-text">Cramer-Shoup, impossible cryptanalysis, street
performer, Private Doorbell</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9808.html">15 Aug 1998</a></TH>
> <TD><P class="black-text">Hardware DES cracker, KEA, chosen protocol
attack, biometrics</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9807.html">15 Jul 1998</a></TH>
> <TD class="black-text">Breaking RSA, declassifying Skipjack, secure
audit logs, WIPO</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9806.html">15 Jun 1998</a></TH>
> <TD class="black-text">Side channel attacks, risks of key escrow,
pseudo-random number generators</TD>
> </TR>
> <TR class="black-text">
> <TH align=left valign=top class="black-bold-text"><a
href="crypto-gram-9805.html">15 May 1998</a></TH>
> <TD class="black-text">AES, secret story of non-secret encryption,
conditional purchase orders</TD>
> </TR>
> <TR><TD colspan=2>
>
> <P class="black-text"><BR><STRONG class="black-bold-text"><a
name="trans">Translations</a></STRONG>
> <BR>Kriptópolis translates Crypto-Gram into <a
href="http://www.kriptopolis.com/index.php?id=C0_12_1";>Spanish</a>. <a
href="http://www.communicationvalley.it/crypto-gram.html";>Italian</a>
translations, by Communication Valley S.P.A., are available on the web or as a
mailing list. Holger Hasselbach has translated several issues of Crypto-Gram
into <a href="http://www.galad.com/extras/cg/cg.htm";>German</a>, and Fernandes
Gilbert has translated some issues into <a
href="http://perso.wanadoo.fr/gilbert.fernandes/cryptogram.html";>French</a>.
>
> <P class="black-text"><STRONG class="black-bold-text"><a
name="privacy">Privacy Statement</a></STRONG>
> <BR>Counterpane Internet Security, Inc. and Counterpane Labs will not
use the Crypto-Gram mailing list for any other purpose than e-mailing
Crypto-Gram. We will not use the mailing list for company marketing, nor will
we sell the list to any third parties.
>
> </TD></TR>
> </TABLE>
>
>
>
>
>
>
>
> </td>
> <td width="10"> </td>
> </tr>
> <!---- articles ------------------------->
> </table>
> <img src="images/clear.gif" alt="" border="0" width="1"
height="21"><br>
> <a href="#" onclick="scrollTo(0,0)"><img
src="images/back_to_top.gif" alt="TOP" border="0" width="27"
height="9"></a></td>
> <td bgcolor="#cccccc"><img src="images/clear.gif" alt="" border="0"
width="1" height="1"></td>
> </tr>
> </table>
> <table cellpadding="0" cellspacing="0" border="0" width="404">
> <tr><td bgcolor="#cccccc"><img src="images/clear.gif" alt=""
border="0" width="404" height="1"></td></tr>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="17"></td></tr>
> <tr><td bgcolor="#cccccc"><img src="images/clear.gif" alt=""
border="0" width="404" height="1"></td></tr>
> <tr><td class="black-text">Copyright Counterpane Internet Security,
Inc., 2003<BR>
> <a href="permiss.html">Reprint Permission</a></td></tr>
> <tr><td><img src="images/clear.gif" alt="" border="0" width="1"
height="50"></td></tr>
> </table>
>
> <!-------end of middle column------------------->
> </td>
>
> </tr>
> </table>
>
> <!-------end of global table------------------->
>
>
>
>
>
>
>
> <!-- dropdown menus -->
>
> <div id="menuContact" onMouseOver="menuOn('menuContact')"
onMouseOut="overChecker('menuContact')">
> <script language="JavaScript">
> function onMouseOver() { menuOn('menuContact');}
> function onMouseOut() { overChecker('menuContact')}
> </script>
> <a href="cis-contact.html"
onmouseover="rollOn('contactnav_5_contact','menuContact')"
onmouseout="rollOff('contactnav_5_contact','menuContact')"><img
src="images/contactnav_5_contact.gif" alt="Contact" width=179 height=22
border="0" name="contactnav_5_contact"></a></div>
>
> <div id="menuSite" onMouseOver="menuOn('menuSite')"
onMouseOut="overChecker('menuSite')">
> <script language="JavaScript">
> function onMouseOver() { menuOn('menuSite');}
> function onMouseOut() { overChecker('menuSite')}
> </script>
> <a href="index.html"
onmouseover="rollOn('sitenav_r_home','menuSite')"
onmouseout="rollOff('sitenav_r_home','menuSite')"><img
src="images/sitenav_r_home.gif" alt="Home" width=179 height=18 border="0"
name="sitenav_r_home"></a><br>
> <a href="sitemap.html"
onmouseover="rollOn('sitenav_r_sitemap','menuSite')"
onmouseout="rollOff('sitenav_r_sitemap','menuSite')"><img
src="images/sitenav_r_sitemap.gif" alt="Site Map" width=179 height=18
border="0" name="sitenav_r_sitemap"></a><br>
> <a href="cissearch.html"
onmouseover="rollOn('sitenav_r_search','menuSite')"
onmouseout="rollOff('sitenav_r_search','menuSite')"><img
src="images/sitenav_r_search.gif" alt="Search" width=179 height=18 border="0"
name="sitenav_r_search"></a><br>
> <a href="https://www.counterpane.com/ccrp/";
onmouseover="rollOn('sitenav_r_var','menuSite')"
onmouseout="rollOff('sitenav_r_var','menuSite')"><img
src="images/sitenav_r_var.gif" alt="VAR-only site" width=179 height=22
border="0" name="sitenav_r_var"></a></div>
>
> <div id="menuLibrary" onMouseOver="menuOn('menuLibrary')"
onMouseOut="overChecker('menuLibrary')">
> <script language="JavaScript">
> function onMouseOver() { menuOn('menuLibrary');}
> function onMouseOut() { overChecker('menuLibrary')}
> </script>
> <a href="literature.html"
onmouseover="rollOn('librarynav_2_literature','menuLibrary')"
onmouseout="rollOff('librarynav_2_literature','menuLibrary')"><img
src="images/librarynav_2_literature.gif" alt="Counterpane Literature" width=179
height=18 border="0" name="librarynav_2_literature"></a><br>
> <a href="log-analysis.html"
onmouseover="rollOn('librarynav_2_log','menuLibrary')"
onmouseout="rollOff('librarynav_2_log','menuLibrary')"><img
src="images/librarynav_2_log.gif" alt="Log Analysis Resources" width=179
height=18 border="0" name="librarynav_2_log"></a><br>
> <a href="publish.html"
onmouseover="rollOn('librarynav_2_labs','menuLibrary')"
onmouseout="rollOff('librarynav_2_labs','menuLibrary')"><img
src="images/librarynav_2_labs.gif" alt="Counterpane Labs Publications"
width=179 height=18 border="0" name="librarynav_2_labs"></a><br>
> <a href="crypto-gram.html"
onmouseover="rollOn('librarynav_r_crypto','menuLibrary')"
onmouseout="rollOff('librarynav_r_crypto','menuLibrary')"><img
src="images/librarynav_r_crypto.gif" alt="Crypto-Gram" width=179 height=18
border="0" name="librarynav_r_crypto"></a><br>
> <a href="book-beyondfear.html"
onmouseover="rollOn('librarynav_4_beyond_fear','menuLibrary')"
onmouseout="rollOff('librarynav_4_beyond_fear','menuLibrary')"><img
src="images/librarynav_4_beyond_fear.gif" alt="Beyond Fear" width=179 height=18
border="0" name="librarynav_4_beyond_fear"></a><br>
> <a href="sandl.html"
onmouseover="rollOn('librarynav_r_sandl','menuLibrary')"
onmouseout="rollOff('librarynav_r_sandl','menuLibrary')"><img
src="images/librarynav_r_sandl.gif" alt="Secrets and Lies" width=179 height=22
border="0" name="librarynav_r_sandl"></a>
> </div>
>
> <div id="menuNews" onMouseOver="menuOn('menuNews')"
onMouseOut="overChecker('menuNews')">
> <script language="JavaScript">
> function onMouseOver() { menuOn('menuNews');}
> function onMouseOut() { overChecker('menuNews')}
> </script>
> <a href="cisnews.html"
onmouseover="rollOn('newsnav_2_clip','menuNews')"
onmouseout="rollOff('newsnav_2_clip','menuNews')"><img
src="images/newsnav_2_clip.gif" alt="Press Clippings" width=179 height=18
border="0" name="newsnav_2_clip"></a><br>
> <a href="pressrel.html"
onmouseover="rollOn('newsnav_2_release','menuNews')"
onmouseout="rollOff('newsnav_2_release','menuNews')"><img
src="images/newsnav_2_release.gif" alt="Press Releases" width=179 height=18
border="0" name="newsnav_2_release"></a><br>
> <a href="analyst.html"
onmouseover="rollOn('newsnav_2_analyst','menuNews')"
onmouseout="rollOff('newsnav_2_analyst','menuNews')"><img
src="images/newsnav_2_analyst.gif" alt="Analyst Comments" width=179 height=18
border="0" name="newsnav_2_analyst"></a><br>
> <a href="alerts.html"
onmouseover="rollOn('newsnav_2_alerts','menuNews')"
onmouseout="rollOff('newsnav_2_alerts','menuNews')"><img
src="images/newsnav_2_alerts.gif" alt="Alerts" width=179 height=18 border="0"
name="newsnav_2_alerts"></a><br>
> <a href="conf.html"
onmouseover="rollOn('newsnav_2_calendar','menuNews')"
onmouseout="rollOff('newsnav_2_calendar','menuNews')"><img
src="images/newsnav_2_calendar.gif" alt="Calendar" width=179 height=22
border="0" name="newsnav_2_calendar"></a></div>
>
> <div id="menuCustomers" onMouseOver="menuOn('menuCustomers')"
onMouseOut="overChecker('menuCustomers')">
> <script language="JavaScript">
> function onMouseOver() { menuOn('menuCustomers');}
> function onMouseOut() { overChecker('menuCustomers')}
> </script>
> <a href="customers.html"
onmouseover="rollOn('customersnav_5_customers','menuCustomers')"
onmouseout="rollOff('newsnav_5_customers','menuCustomers')"><img
src="images/customersnav_5_customers.gif" alt="Customers" width=179 height=22
border="0" name="customersnav_5_customers"></a></div>
>
> <div id="menuServices" onMouseOver="menuOn('menuServices')"
onMouseOut="overChecker('menuServices')">
> <script language="JavaScript">
> function onMouseOver() { menuOn('menuServices');}
> function onMouseOut() { overChecker('menuServices')}
> </script>
> <a href="overview.html"
onmouseover="rollOn('servicesnav_4_suite','menuServices')"
onmouseout="rollOff('servicesnav_4_suite','menuServices')"><img
src="images/servicesnav_4_suite.gif" alt="Enterprise Protection Suite"
width=179 height=18 border="0" name="servicesnav_4_suite"></a><br>
> <a href="services-msm.html"
onmouseover="rollOn('servicesnav_4_msm','menuServices')"
onmouseout="rollOff('servicesnav_4_msm','menuServices')"><img
src="images/servicesnav_4_msm.gif" alt="Managed Security Monitoring" width=179
height=18 border="0" name="servicesnav_4_msm"></a><br>
> <a href="response.html"
onmouseover="rollOn('servicesnav_4_response','menuServices')"
onmouseout="rollOff('servicesnav_4_response','menuServices')"><img
src="images/servicesnav_4_response.gif" alt="Active Response" width=179
height=18 border="0" name="servicesnav_4_response"></a><br>
> <a href="device.html"
onmouseover="rollOn('servicesnav_4_device','menuServices')"
onmouseout="rollOff('servicesnav_4_device','menuServices')"><img
src="images/servicesnav_4_device.gif" alt="Device Management" width=179
height=18 border="0" name="servicesnav_4_device"></a><br>
> <a href="scanning.html"
onmouseover="rollOn('servicesnav_4_scanning','menuServices')"
onmouseout="rollOff('servicesnav_4_scanning','menuServices')"><img
src="images/servicesnav_4_scanning.gif" alt="Managed Vulnerability Scanning"
width=179 height=18 border="0" name="servicesnav_4_scanning"></a><br>
> <a href="consulting.html"
onmouseover="rollOn('servicesnav_5_consulting','menuServices')"
onmouseout="rollOff('servicesnav_5_consulting','menuServices')"><img
src="images/servicesnav_5_consulting.gif" alt="Security Consulting" width=179
height=18 border="0" name="servicesnav_5_consulting"></a><br>
> <a href="labs.html"
onmouseover="rollOn('servicesnav_5_labs','menuServices')"
onmouseout="rollOff('servicesnav_5_labs','menuServices')"><img
src="images/servicesnav_5_labs.gif" alt="Counterpane Labs" width=179 height=22
border="0" name="servicesnav_5_labs"></a></div>
>
> <div id="menuCompany" onMouseOver="menuOn('menuCompany')"
onMouseOut="overChecker('menuCompany')">
> <script language="JavaScript">
> function onMouseOver() { menuOn('menuCompany');}
> function onMouseOut() { overChecker('menuCompany')}
> </script>
> <a href="background.html"
onmouseover="rollOn('companynav_4_background','menuCompany')"
onmouseout="rollOff('companynav_4_background','menuCompany')"><img
src="images/companynav_4_background.gif" alt="Background" width=179 height=18
border="0" name="companynav_4_background"></a><br>
> <a href="team.html"
onmouseover="rollOn('companynav_5_team','menuCompany')"
onmouseout="rollOff('companynav_5_team','menuCompany')"><img
src="images/companynav_5_team.gif" alt="Our Team" width=179 height=18
border="0" name="companynav_5_team"></a><br>
> <a href="jobs.html"
onmouseover="rollOn('companynav_4_careers','menuCompany')"
onmouseout="rollOff('companynav_4_careers','menuCompany')"><img
src="images/companynav_4_careers.gif" alt="Careers" width=179 height=18
border="0" name="companynav_4_careers"></a><br>
> <a href="investors.html"
onmouseover="rollOn('companynav_4_investors','menuCompany')"
onmouseout="rollOff('companynav_4_investors','menuCompany')"><img
src="images/companynav_4_investors.gif" alt="Investors" width=179 height=18
border="0" name="companynav_4_investors"></a><br>
> <a href="partners.html"
onmouseover="rollOn('companynav_5_partners','menuCompany')"
onmouseout="rollOff('companynav_5_partners','menuCompany')"><img
src="images/companynav_5_partners.gif" alt="Partners" width=179 height=22
border="0" name="companynav_5_partners"></a></div>
> <!-- end of dropdown menus -->
>
>
>
>
>
> </body>
> </html>
--__--__--
_______________________________________________
Full-Disclosure mailing list
Full-Disclosure@xxxxxxxxxxxxxxxx
http://lists.netsys.com/mailman/listinfo/full-disclosure
End of Full-Disclosure Digest
<<winmail.dat>>