<<< Date Index >>>     <<< Thread Index >>>

Re: ASN.1 telephony critical infrastructure warning - VOIP



On Tue, Feb 17, 2004 at 05:37:53PM +0200, Gadi Evron wrote:
> I apologize, but I am using these mailing lists to try and contact the 
> different */CERT teams for different countries.

        Then contact FIRST.

        Forum of Incident Reaction Security Teams.

        <http://www.first.org>

        Many, if not most, CERTs are members.

> As we all know, ASN.1 is a new very easy to exploit vulnerability. It 
> attacks both the server and the end user (IIS and IE).

> We expect a new massive worm to come out exploiting this vulnerability 
> in the next few days.

        This I seriously doubt.  We have no indicators leading in that
direction.

> Why should this all interest you beyond it being the next blaster?

> ASN is what VOIP is based on, and thus the critical infrastructure for 
> telephony which is based on VOIP.

        No.  ASN.1 (not ASN) may be used in VoIP, but it's not what it's
"based on".  I won't rehash what other have refuted, here.  If it's
possible, it's likely we'll see other indicators pointing in that
direction.

> This may be a false alarm, but you know how worms find their way into 
> every network, private or public. It could (maybe) potentially bring the 
> system down.

> I am raising the red flag, better safe than sorry.

        Better to be informed than alarmist.

> The two email messages below are from Zak Dechovich and myself on this 
> subject, to TH-Research (The Trojan Horses Research Mailing List). The 
> original red flag as you can see below, was raised by Zak. Skip to his 
> message if you like.

>     Gadi Evron.

        :

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Attachment: pgpI8QB5ID1gC.pgp
Description: PGP signature