Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-22 Thread Ron DuFresne
On Fri, 19 Aug 2005, Nick FitzGerald wrote: > [EMAIL PROTECTED] to Ron DuFresne: > > > > Perhaps it does relate considering the above and considering that the unix > > > world learned many of the evils of RCP services over ten years ago that > > > seem to hit the M$ realm every few months, repeate

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-19 Thread Barrie Dempster
On Thu, 2005-08-18 at 14:01 -0700, [EMAIL PROTECTED] wrote: > What would it take to write an RPC filter to only accept RPCs which we > actually care about? Not a lot, considering this already exists, MS's own product ISA does this. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue

Re: [Full-disclosure] Disney Down?

2005-08-19 Thread Micheal Espinola Jr
I agree that not all exploits need to or should be handled in such a way, but this type of open-ended exploit where potentially anything could have been dropped or altered on a system would force me as a network/security/systems administrator to have to take appropriate action to protect my employ

Re: [Full-disclosure] Disney Down?

2005-08-19 Thread Steve Kudlak
Micheal Espinola Jr wrote: Absolutely. Once a system has been exploited in such a manner, it is completely untrustable. It should most definitely be wiped. The IT ppl in SDC (and many other places) need to all be lined up and smacked Three Stooges style. On 8/19/05, Donald J. Ankney <[EM

Re: [Full-disclosure] Disney Down?

2005-08-19 Thread Micheal Espinola Jr
Absolutely. Once a system has been exploited in such a manner, it is completely untrustable. It should most definitely be wiped. The IT ppl in SDC (and many other places) need to all be lined up and smacked Three Stooges style. On 8/19/05, Donald J. Ankney <[EMAIL PROTECTED]> wrote: > > Any IT

Re: [Full-disclosure] Disney Down?

2005-08-19 Thread Donald J. Ankney
'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]> Subject: RE: [Full-disclosure] Disney Down? "So patch your systems, but don't miss your kid's play in order to do it. We've seen a lot worse than this in the past." Brilliant advise[sic]! Yeah, c

Re: [Full-disclosure] Disney Down?

2005-08-19 Thread Technica Forensis
On 8/17/05, Jason Coombs <[EMAIL PROTECTED]> wrote: > What about attacks that took place with the worms as cover? How many high- > value systems just got compromised, and will remain so, by something other > than the worms' code -- where the victim won't even bother to investigate > that > possi

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-19 Thread James Tucker
[EMAIL PROTECTED] wrote: On Wed, 17 Aug 2005, Ron DuFresne wrote: Perhaps it does relate considering the above and considering that the unix world learned many of the evils of RCP services over ten years ago that seem to hit the M$ realm every few months, repeatedly... We used to call the

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-18 Thread Nick FitzGerald
[EMAIL PROTECTED] to Ron DuFresne: > > Perhaps it does relate considering the above and considering that the unix > > world learned many of the evils of RCP services over ten years ago that > > seem to hit the M$ realm every few months, repeatedly... > > We used to call them rsploits when it was

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-18 Thread fd
On Wed, 17 Aug 2005, Ron DuFresne wrote: > > Perhaps it does relate considering the above and considering that the unix > world learned many of the evils of RCP services over ten years ago that > seem to hit the M$ realm every few months, repeatedly... > We used to call them rsploits when it was

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread imipak
Larry Seltzer wrote: > none of the current attacks will directly infect Windows XP systems, > including consumer systems, and therefore will not linger there. To > illustrate the point, it's a long time now since the RPC/DCOM bug > was patched and still there are lots of infected systems out there

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread fd
On Thu, 18 Aug 2005, pingywon wrote: > Disney world CLOSED ! > > > ..it cant be ..blame it on the terrorists and save face Mickey It must be 'cause of the hand-geometry biometric scanners they are using... someone must not have liked giving up their metrics ;) -- Eric Wheeler Vice President

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Ron DuFresne
On Wed, 17 Aug 2005, Micheal Espinola Jr wrote: > >From my perspective, developing a patch and applying a patch are two > different life cycles. I'm no developer, but I know what it takes to > properly test and roll-out patches within my (current and previous) > organization(s). > > I don't prete

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Ron DuFresne
[SNIP] > > Greg Smith, the county's assessor, recorder and clerk, said "As long > as we're up (today), we'll be fine" Greg Smith is a thinking much too > lightly of the situation. Their systems just got hit with an exploit > that allows for remote code execution and elevation of privile

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Micheal Espinola Jr
>From my perspective, developing a patch and applying a patch are two different life cycles. I'm no developer, but I know what it takes to properly test and roll-out patches within my (current and previous) organization(s). I don't pretend to believe that all patches are the same, but this PnP pa

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread Jason Coombs
<[EMAIL PROTECTED]> Date: Wed, 17 Aug 2005 08:20:17 To:"'Micheal Espinola Jr'" <[EMAIL PROTECTED]>, Subject: RE: [Full-disclosure] Disney Down? >>"So patch your systems, but don't miss your kid's play in order to do it. We've seen

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Jan Nielsen
: http://www.boyakasha.dk/virusevents.log Regards Jan -Original Message- From: Jan Nielsen [mailto:[EMAIL PROTECTED] Sent: 17. august 2005 17:36 To: 'full-disclosure@lists.grok.org.uk' Subject: RE: [Full-disclosure] Disney Down? I was at a customer today with this problem, initi

RE: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Geo.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Micheal Espinola Jr >>Regardless of "a LOT of Windows 2000 out there...", these companies weren't bitten the same day the initial exploit was released. 6 days is plenty of time to have tested compatibility and

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Peter Besenbruch
Fergie (Paul Ferguson) wrote: I'll tell you why -- [snip] So there you have it -- there's still a LOT of Windows 2000 out there... Having said that, you also have to realize that from the time the MS05-039 vulnerability was disclose (and the exploit code was released the same day), to the

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Micheal Espinola Jr
This issue affects XP and W2K3 systems as well. I don't see the argument of W2K being "on the back burner" as having any relation to this thread. Regardless of "a LOT of Windows 2000 out there...", these companies weren't bitten the same day the initial exploit was released. 6 days is plenty of

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread Mike Sawicki
On Wed, Aug 17, 2005 at 11:07:26AM -0700, [EMAIL PROTECTED] wrote: > > > > On Tue, 16 Aug 2005 [EMAIL PROTECTED] wrote: > > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ > > Symantec: Win32.Zotob.E > > McAfee: exploit-dcomrpc > > Kaspersky: Net-Worm.Win32.Small.d

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread fd
On Tue, 16 Aug 2005 [EMAIL PROTECTED] wrote: > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ > Symantec: Win32.Zotob.E > McAfee: exploit-dcomrpc > Kaspersky: Net-Worm.Win32.Small.d The IRC server this worm uses is 72.20.27.115, #tbp -- does anyone know what port?

It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Fergie (Paul Ferguson)
It's not that simple. Why such success with a worm targeted at specific vulnerabilities in Win2k? I'll tell you why -- the answer is spelled out (correctly) in an article written by Ina Fried in a June 28th, 2005, C|Net News article entitled "Windows 2000 moves to the back burner", which discusse

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Larry Seltzer
>>you do realize that you are writing for the "Enterprise News & Reviews" magazine, eWeek - right? Yeah. Online we get a little leeway on such things, and anyway it's beside the point of that statement, which was that none of the current attacks will directly infect Windows XP systems, including

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread Micheal Espinola Jr
Thanks for correcting my spelling error. You mention that this issue "will have little or no presence on consumer systems", but you do realize that you are writing for the "Enterprise News & Reviews" magazine, eWeek - right? You also realize that MS05-039 affects the current "consumer" version of

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread DudeVanWinkle
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 While the viri will be found and removed, the passwords might remain (especially in a domain). hmm good _bad_ thinking - -Dude -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozde

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Jan Nielsen
Sent: 17. august 2005 17:41 To: Jan Nielsen Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Disney Down? I joined said IRC channel, and the topic is ".ntscan 100 120 -a -b" so it appears to be joining the channel and getting parameters for this "ntscan progra

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Michael Young
Subject: RE: [Full-disclosure] Disney Down? I was at a customer today with this problem, initially their network was acting up and some ppl, couldn't logon to the servers in the morning. We found the file "kilo.exe" on some machines that apparently had not been patched, one thing

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Fergie (Paul Ferguson)
See: http://www.f-secure.com/weblog/#0631 It could be any one of 11 variants at this point... - ferg -- "Jan Nielsen" <[EMAIL PROTECTED]> wrote: I was at a customer today with this problem, initially their network was acting up and some ppl, couldn't logon to the servers in the morning.

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread John Smith
TECTED] Sent: 17. august 2005 00:54 To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Disney Down? MD5SUM 7a67f7a8c844820c1bae3ebf720c1cd9 (wintbp.exe) Trend Micro: WORM_RBOT.CBQ - http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Jan Nielsen
ld be ? Regards Jan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 17. august 2005 00:54 To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Disney Down? MD5SUM 7a67f7a8c844820c1bae3ebf720c1cd9 (wintbp.exe) Trend Micro:

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Larry Seltzer
>>I also think it's fair to say that when it dies down, relatively soon, it won't achieve the endemic status of Blaster and Sasser because it will have little or no presence on consumer systems. Actually, I take that back a bit; I'm sure the Windows XP-based worms and bots will adopt MS05-039 as

RE: [Full-disclosure] Disney Down?

2005-08-17 Thread Larry Seltzer
>>"So patch your systems, but don't miss your kid's play in order to do it. We've seen a lot worse than this in the past." >>Brilliant advise[sic]! Yeah, clearly I timed the column badly, but I still think there's more smoke than fire on this outbreak. If it had been International Paper or some co

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread xyberpix
hanks, ~ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 3:54 PM To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Disney Down? MD5SUM 7a67f7a8c844820c1bae3ebf720

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread Micheal Espinola Jr
"So patch your systems, but don't miss your kid's play in order to do it. We've seen a lot worse than this in the past." Brilliant advise! On 8/17/05, Peter Besenbruch <[EMAIL PROTECTED]> wrote: > Frank Stein wrote: > > check cnn.com now. according to them, a new win2000 virus out now in > > the

Re: [Full-disclosure] Disney Down?

2005-08-17 Thread Peter Besenbruch
Frank Stein wrote: check cnn.com now. according to them, a new win2000 virus out now in the wild and infecting at a rapid rate. http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html maybe this is the one. Check out this article by Larry Seltzer of eWeek, where he predicts earl

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread Morning Wood
>check cnn.com now. according to them, a new win2000 virus out now in >the wild and infecting at a rapid rate. this is soo last week ( gah! ) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.ht

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread Frank Stein
check cnn.com now. according to them, a new win2000 virus out now in the wild and infecting at a rapid rate. http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html maybe this is the one. On 8/16/05, David Wilde <[EMAIL PROTECTED]> wrote: > A buddy of mine whose fiance works for Dis

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread Morning Wood
Has anyone noticed this all took place on Monday? 3 full days after the worm was released. Seems to me that these corps were infected on Monday from (probable) users connecting to internal networks via laptops brought in from home, after being connected to their home connections and their laptop

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread pingywon
Disney world CLOSED ! .it cant be ..blame it on the terrorists and save face Mickey - Original Message - From: "David Wilde" <[EMAIL PROTECTED]> To: Sent: Tuesday, August 16, 2005 6:13 PM Subject: [Full-disclosure] Disney Down? A buddy of mine whose fiance works for Disney just to

RE: [Full-disclosure] Disney Down?

2005-08-16 Thread Poof
rg.uk Subject: RE: [Full-disclosure] Disney Down? MD5SUM 7a67f7a8c844820c1bae3ebf720c1cd9 (wintbp.exe) Trend Micro: WORM_RBOT.CBQ - http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ Symantec: Win32.Zotob.E McAfee: exploit-dcomrpc Kaspersky: Net-Worm.Win32.Small.d Th

RE: [Full-disclosure] Disney Down?

2005-08-16 Thread sk3tch
MD5SUM 7a67f7a8c844820c1bae3ebf720c1cd9 (wintbp.exe) Trend Micro: WORM_RBOT.CBQ - http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ Symantec: Win32.Zotob.E McAfee: exploit-dcomrpc Kaspersky: Net-Worm.Win32.Small.d This is what is on CNN right now. -Original Messa

RE: [Full-disclosure] Disney Down?

2005-08-16 Thread Andre Protas
They're still open for business; at least DisneyLand is until midnight. Signed, Andre Derek Protas Security Researcher eEye Digital Security aprotas eeye com

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread Dave @ Allnix, LLC
> A buddy of mine whose fiance works for Disney just told me that they > have sent everyone home for the day. When I say everyone I mean, > Disney Land, Disney World, Disney Corporate, etc... He's not sure > what the virus is called but it's apparently very nasty. Anyone have > any more info on

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread Fergie (Paul Ferguson)
Perhaps the same problem as CNN, ABC, etc: http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html - ferg -- David Wilde <[EMAIL PROTECTED]> wrote: A buddy of mine whose fiance works for Disney just told me that they have sent everyone home for the day. When I say everyone I me