[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

::SPAM:: Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP

To: Florian Weimer <fw@xxxxxxxxxxxxx>
Subject: ::SPAM:: Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Wed, 18 Feb 2004 10:58:07 +0300

Spam detection software, running on the system "cw-1.crocker.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Dear Florian Weimer, It's different thing. Any
  infrastructure based on Windows is under risk. But it's not because
  VoIP uses ASN.1. --Wednesday, February 18, 2004, 12:32:10 AM, you wrote
  to 3APA3A@xxxxxxxxxxxxxxxx: [...] 

Content analysis details:   (6.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.9 FROM_NO_LOWER          'From' has no lower-case characters
 0.3 FROM_HAS_MIXED_NUMS    From: contains numbers mixed in with letters
 1.5 BODY_8BITS             BODY: Body includes 8 consecutive 8-bit characters
 1.9 DATE_IN_FUTURE_06_12   Date: is 6 to 12 hours after Received: date
 0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer

--- Begin Message ---

To: Florian Weimer <fw@xxxxxxxxxxxxx>
Subject: Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Wed, 18 Feb 2004 10:58:07 +0300

Dear Florian Weimer,

It's different thing. Any infrastructure based on Windows is under risk.
But it's not because VoIP uses ASN.1.

--Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 
3APA3A@xxxxxxxxxxxxxxxx:

FW> 3APA3A wrote:

>> ASN.1  is  used  by  many  services,  but  all  use different underlying
>> protocols.  It's  not  likely  NetMeeting or MS ISA server to be primary
>> attack  targets.  Attack  against  MS  IPSec  implementation,  Exchange,
>> SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
>> infrastructure  (except  connectivity  degradation  because  of  massive
>> traffic).

FW> I wish your assessment were true, but it's not.  Cisco Call Manager is
FW> based on Windows, and Cisco still has to certify the patches Microsoft
FW> released.

FW> It's sad that Microsoft apparently hasn't used those six months to
FW> properly coordinate the issue with OEM vendors.

-- 
~/ZARAZA
Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен)

--- End Message ---

Prev by Date: Re: [Full-Disclosure] Re: Get somebody's IP with MSN
Next by Date: [Full-Disclosure] ::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
Previous by thread: [Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection
Next by thread: [Full-Disclosure] ::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
Index(es):
- Date
- Thread