[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] SA Security Bulletin: Unique attack vector uncovered during packet analysis

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] SA Security Bulletin: Unique attack vector uncovered during packet analysis
From: sasb@xxxxxxxxxxxxx
Date: Sat, 17 Sep 2005 03:20:36 -0400

__________________________________________________________________

                         Sexy Action Security Bulletin
                
                                SASB-2005-09-17-GR8-2B-EL8

                Packet Analysis Uncovers Unique Attack Vector

    __________________________________________________________________



Executive Summary:

As an enterprise security professional, I insist on maintaining the highest 
degree of personal hygeine. At 10:38AM AEST, packet capture (sniffing) 
tests revealed that my Gandalf Lord of the Rings t-shirt had been compromised...

Problem Statement:

For some months now I have deployed Nivea deoderant, version 'Aqua Cool', as a 
personal firewall. Its vendor promises 'revitalising freshness and 
mild care' , while ensuring 24hr performance, reliable protection, and a 
'stimulating masculine scent' .

While vendors are as trustworthy as a German sewerage plant operator, and the 
only thing released more often on the internet than German scheisse 
porn are exploits for personal firewalls, careful searching turned up no 
current issues with Nivea 'Aqua Cool'. 

This morning, as a preventative measure, I enabled promiscuous mode on my left 
nostril. This is something I rarely do -  whenever I allow my 
nostril to become promiscous it inevitably accosts American soldiers, demanding 
two dollars for "sucky, sucky". However, as a professional and a 
champion Tony Hawk 2 player, I must accede to these demands in the name of 
Security.

I picked up my Lord of the Rings t-shirt, sniffed, and captured a packet 
exuding from the right armpit production server. Not any boring old IP 
packet, no - this was a DECNET phase IV  packet, transported via x.25. You 
could have tickled me pink and called me Jesus; I'd assumed DECnet 
had gone the way of the triceratops, stegasaurus, and hats. 

"Why", I asked myself, "is my right armpit running DECnet? It's certainly not a 
normal state of affairs. Hackers must be involved. They always are. 
DECnet smells like stale sweat and hackers must have bypassed the Nivea 
firewall to install it on my t-shirt. It's the only way this could have 
happened.

Because of hackers I had to wear my Gollum Lord of the Rings t-shirt to work 
today. This is unacceptable - Gollum is not suitable for an enterprise 
security environment. Gollum is for informal occasions. Gandalf, the white 
wizard, commands respect and awe; without Gandalf, I fear that 
co-workers do not respect my authority.

Fix:

Users may apply more firewall, however this is only a preventative measure. As 
yet I am unsure exactly how to patch a smelly t-shirt. 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- RE: [Full-disclosure] SA Security Bulletin: Unique attack vectoruncovered during packet analysis
  - From: Aditya Deshmukh

Prev by Date: [Full-disclosure] Web Application Security Analyzer for PHP-Nuke/phpBB CMS
Next by Date: [Full-disclosure] [ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code
Previous by thread: [Full-disclosure] Web Application Security Analyzer for PHP-Nuke/phpBB CMS
Next by thread: RE: [Full-disclosure] SA Security Bulletin: Unique attack vectoruncovered during packet analysis
Index(es):
- Date
- Thread