[Full-Disclosure] Britannia Security Advisory 001-2004 version 1.0
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] Britannia Security Advisory 001-2004 version 1.0
- From: Feher Tamas <etomcat@freemail.hu>
- Date: Mon, 26 Jan 2004 17:33:53 +0100 (CET)
Britannia Security Advisory 001-2004 version 1.0
Attack described:
Valid input at vulnerable ports can result in loss of system integrity.
Vulnerable systems:
Operating system: Microsoft
Hardware: William H. Gates III
Attack method: small natural variations in regular operation of legacy
systems may result in data transfer vector hitting incorrect port on
vulnerable host.
Requirements:
Only particular legacy systems can act as attack source.
Vendor: Windsor (formerly Saxe-Coburg-Gotha)
Model: QE2 revision 1926
Attack data packet (Label:Offset) KBE:1917
Specific packet data in ASCII format follows:
"Knight Commander of the Most Excellent Order of the British Empire"
Vector: Sword
Symptoms: Loss of systems integrity, ear falls off.
Mitigation strategies:
Proactive:
a., Replace attacker.
Prior consultation recommended, see: Rumsfeld, Donald
Pro: Some Irish guys will thank you
Con: High costs, popular resistance, media fallout need to be considered
b., Hire "set a thief to catch a chief" whitehat with prior blackhat
experience in such ear attacks to evaluate risks and assess defensive
methods. See: Simon "Kefas The Stone" Peter
Pro: documented to work
Con: most vendors refuse to deal with ex black-hats,
named consultant a known liar.
c., Physical protection of the vulnerable system recommended. See:
http://money.cnn.com/2004/01/26/technology/gates_knight.reut/gates_knight2.03.jpg
Reactive:
a., Apply patches and cover damages with insurance policy. Forensics
almost never required, but surgery can restore systems integrity
up to 90-95%.
b., Hire consultant with prior experience in similar environment, who
advises on mitigating long-term effects of said systems integrity breach.
See: Lauda, Niki, Formula 1, Champion, Three times.
c., Whitehat already mentioned under paragraph "Proactive / b." may
contract a specialist, who is certified to restore ear's integrity 100%.
Pro: Successful transaction can result in reception of further input
values. See: beatification, canonization, sainthood
Con: May require prior consultation with a joint Polish-Italian competitor
by the brand name JPII. May require changing vendor to a JPII
recommended supplier, which can result in loss of original input data,
due to vendor incompatibility between the attacker and 3rd party
consultant.
End of security advisory 001-2004-version 1.0
*************************************************
Consumer version of security bulletin available at:
http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/uk_news/3428673.stm
Last modified: 26/01/2004 16:35GMT 8-)