On Tue, Feb 17, 2004 at 05:37:53PM +0200, Gadi Evron wrote: > I apologize, but I am using these mailing lists to try and contact the > different */CERT teams for different countries. Then contact FIRST. Forum of Incident Reaction Security Teams. <http://www.first.org> Many, if not most, CERTs are members. > As we all know, ASN.1 is a new very easy to exploit vulnerability. It > attacks both the server and the end user (IIS and IE). > We expect a new massive worm to come out exploiting this vulnerability > in the next few days. This I seriously doubt. We have no indicators leading in that direction. > Why should this all interest you beyond it being the next blaster? > ASN is what VOIP is based on, and thus the critical infrastructure for > telephony which is based on VOIP. No. ASN.1 (not ASN) may be used in VoIP, but it's not what it's "based on". I won't rehash what other have refuted, here. If it's possible, it's likely we'll see other indicators pointing in that direction. > This may be a false alarm, but you know how worms find their way into > every network, private or public. It could (maybe) potentially bring the > system down. > I am raising the red flag, better safe than sorry. Better to be informed than alarmist. > The two email messages below are from Zak Dechovich and myself on this > subject, to TH-Research (The Trojan Horses Research Mailing List). The > original red flag as you can see below, was raised by Zak. Skip to his > message if you like. > Gadi Evron. : Mike -- Michael H. Warfield | (770) 985-6132 | mhw@xxxxxxxxxxxx /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Attachment:
pgpI8QB5ID1gC.pgp
Description: PGP signature