RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-07 Thread Larry Seltzer
TCPA, the Telecommunications Communications Privacy Act. You must have this name wrong. Apart from the redundancy, I Googled it and got nothing. Do you mean the Telemarketing and the Telephone Consumer Protection Act (TCPA)? ___ Full-Disclosure - We

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-07 Thread Larry Seltzer
TCPA, the Telecommunications Communications Privacy Act. http://www.nyfairuse.org/action/palladium That's Trusted Computing Platform Alliance and totally off the point. LJS ___ Full-Disclosure - We believe in it. Charter:

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-07 Thread Mike Barushok
Sorry, shouldn't write this stuff when I am not looking at primary sources. ECPA, the Electronic Communications Privacy Act. Title 18 USC 2701 On Sun, 7 Mar 2004, Larry Seltzer wrote: TCPA, the Telecommunications Communications Privacy Act. You must have this name wrong. Apart from the

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-06 Thread Mike Barushok
On Thu, 4 Mar 2004, Larry Seltzer wrote: I've never heard this before. What law? TCPA, the Telecommunications Communications Privacy Act. At least the ordinary English meaning of parts of that act prohibit 'intercepting' electronic mail, and define intercepting as to include deleting. I

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-06 Thread Mike Barushok
On Thu, 4 Mar 2004, Larry Seltzer wrote: SMTP auth does not help at all. A virus that delivers email via its own SMTP engine completely bypasses the end user's ISP server(s). And if the recipient server does not allow incoming mail from wherever it is presented from, then incoming mail

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Lan Guy
[EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, March 04, 2004 8:01 AM Subject: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky On Wed, 3 Mar 2004, Larry Seltzer wrote: I feel the need to address the problem from an ISP perspective, since the corporate and government

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Matthew C. Beckman
One ISP here in Israel has tried to do something about this. They block all TCP traffic on port 25 (bi di) except for their own mail servers' IP. This is happening in the United States as well. Late last month, Charter Communications (*.charter.net), a cable provider, began blocking outbound

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Larry Seltzer
SMTP auth does not help at all. A virus that delivers email via its own SMTP engine completely bypasses the end user's ISP server(s). And if the recipient server does not allow incoming mail from wherever it is presented from, then incoming mail will simply be broken unless there is some sort of

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Larry Seltzer
Another quick workaround to SPF, Caller ID and Domain Keys has already been implemented by spammers for a year or so. The only premise behind S/C/D is that you are trusted if you have access to a DNS server. Spammers are using compromised machines not only as SMTP servers, but also web

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Nick FitzGerald
Larry Seltzer [EMAIL PROTECTED] to 'Mike Barushok': SMTP auth does not help at all. A virus that delivers email via its own SMTP engine completely bypasses the end user's ISP server(s). And if the recipient server does not allow incoming mail from wherever it is presented from, then incoming

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Nick FitzGerald
Larry Seltzer [EMAIL PROTECTED] wrote: I'm really not clear how this could work on a DHCP client, which the overwhelming majority of compromised systems must be. Please don't just tell me it's magic and works. Well, cable and DSL clients tend to get the same IPs over and over and even if

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread KUIJPERS Jimmy
Hehehe, encrypted is a big word. Especially for a zip file. The contents can most certainly be read. Also by email gateways and virus scanners. Passwords can be cracked. There are special tools that can extract the contents of a password protected zip file without knowing the password. To cut it

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Sean Crawford
Now these are just thoughts so shoot me down if you feel like it...but.. ISP's make money from Bandwidth usage, it's therefore in their interest to let traffic go un-checked as in the end legitimate account holders will have to pay for it... Boardroom meetings are full of ideas like

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Sean Crawford
Here...In Australia...ISP's charge for bandwidth...not many unlimited bandwidth accounts...only thing Australia is ahead on in most cases is Greenwich meridian time... But I see your point... Sean.. On Sat, Apr 03, 2004 at 01:32:23AM +1000, Sean Crawford wrote: ISP's make money from

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Rodrigo Barbosa
On Sat, Apr 03, 2004 at 01:32:23AM +1000, Sean Crawford wrote: ISP's make money from Bandwidth usage Actually, you are wrong on this statement. ISP spend money on Bandwidth. They make money from subscriptions, regardless of Bandwidth usage. Best

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Valdis . Kletnieks
On Wed, 03 Mar 2004 20:11:22 +0100, Gregor Lawatscheck [EMAIL PROTECTED] said: thousands a day who fall for these worms. After all there are driver licenses for normal highways but none for the information super highway. Roadkill on the infobahn pgp0.pgp Description: PGP signature

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Valdis . Kletnieks
On Wed, 03 Mar 2004 23:36:09 +0530, Aditya, ALD [Aditya Lalit Deshmukh] said: how about the smtp server simply rejecting mail from spoofed hosts ? Good. Now look at the headers for this message and tell me if it's a spoofed host or not. While you're at it, define spoofed host more clearly.

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Valdis . Kletnieks
On Wed, 03 Mar 2004 16:37:49 EST, Larry Seltzer [EMAIL PROTECTED] said: volume. As an ISP, how big a problem would you have with that. An even better question: Would you have a problem implementing SPF, Caller ID and Domain Keys (i.e. all 3)? It Note that at least one of these comes

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Valdis . Kletnieks
On Fri, 05 Mar 2004 02:27:05 +1300, Nick FitzGerald [EMAIL PROTECTED] said: Yes -- that is an overstatement. However, the RFCs/STDs covering SMTP take a pretty sharp stand on what an implementation should and must do if it accepts a message and then cannot deliver it to (any of the)

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Schmehl, Paul L
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Crawford Sent: Friday, April 02, 2004 9:32 AM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky Now these are just thoughts so shoot me down if you

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Valdis . Kletnieks
On Thu, 04 Mar 2004 13:09:04 CST, Schmehl, Paul L [EMAIL PROTECTED] said: Wrong. ISP's make money from subscriptions. The ideal subscriber would be someone who pays the $21.95/month (or whatever it is these days) and *never* uses the Internet. If you have 1000's of those, you could make a

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Rodrigo Barbosa
On Thu, Mar 04, 2004 at 11:35:17PM +0530, Aditya, ALD [Aditya Lalit Deshmukh] wrote: My idea is that the MDA simply tag the messages, and that the MUA, either locally or using some POP-like protocol, read the flag and, following users

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Nick FitzGerald
Sean Crawford [EMAIL PROTECTED] wrote: ISP's make money from Bandwidth usage, Nope -- ISPs make money from lack of bandwidth usage... ... it's therefore in their interest to let traffic go un-checked as in the end legitimate account holders will have to pay for it... If that were true, I

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-04 Thread Ian Latter
ISP's make money from Bandwidth usage, it's therefore in their interest to let traffic go un-checked as in the end legitimate account holders will have to pay for it... Wrong. ISP's make money from subscriptions. The ideal subscriber would be someone who pays the $21.95/month (or

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Full-Disclosure
-Disclosure] Backdoor not recognized by Kaspersky Subject: [Full-Disclosure] Backdoor not recognized by Kaspersky Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious code. Wondering if any of you guys know about

[Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Kristian Hermansen
Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious code. Wondering if any of you guys know about it or have analyzed it before? It is definitely NOT a text document. I opened it up with WinHex and see the file

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Suresh Ponnusami
executable attachments. - Suresh Ponnusami, Information Security Consultant, nSecure Software (P) Ltd. INDIA - Original Message - From: Kristian Hermansen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, 03 March, 2004 04:04 AM Subject: [Full-Disclosure] Backdoor not recognized

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Paul Niranjan
PROTECTED] On Behalf Of Kristian Hermansen Sent: Wednesday, March 03, 2004 4:04 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Backdoor not recognized by Kaspersky Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread David Kammering
Hi, Attached backdoor not recognized by Kaspersky or Norton 2004? That zip-archive went right through our TrendMicro Virusgateway (newest Pattern files: 797) :-( Seems like the scanner(s) have problems with password-secured zips, will evaluate this later. Unpacked exe is recognized correct

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread ajrarn
It's a worm, detected by OfficeScan (pattern 697) as bagle.J. Regards. Yoran | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED] On behalf of Kristian | Hermansen | Sent: Tuesday 2 March 2004 23:34 | To: [EMAIL PROTECTED] | Subject: [Full-Disclosure] Backdoor

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Jyri.Tamminen
] Backdoor not recognized by Kaspersky Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious code. Wondering if any of you guys know about it or have analyzed it before? It is definitely NOT a text document. I opened

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Jarkko Turkulainen
Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious code. Wondering It's yet another email-worm, probably some variation of BAGLE. Regards, -- Jarkko Turkulainen [EMAIL PROTECTED]

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Mortis
It's yet another email-worm, probably some variation of BAGLE. The chap who reads this list from Pipemedia online might want to check his machine for malware, too. -- Mortis ___ Full-Disclosure - We believe in it. Charter:

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Larry Seltzer
To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Backdoor not recognized by Kaspersky Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious code. Wondering if any of you guys know about it or have analyzed it before

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread William Warren
02, 2004 5:34 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Backdoor not recognized by Kaspersky Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious code. Wondering if any of you guys know about it or have

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Mary Landesman
-Disclosure] Backdoor not recognized by Kaspersky Attached backdoor not recognized by Kaspersky or Norton 2004? I received this file recently, but Kaspersky did not detect malicious code. Wondering if any of you guys know about it or have analyzed it before? It is definitely NOT a text document. I

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread William Warren
://security.eweek.com/ [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kristian Hermansen Sent: Tuesday, March 02, 2004 5:34 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Backdoor not recognized by Kaspersky Attached backdoor not recognized

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Bernardo Quintero
It's Bagle/Beagle.J. The problem is that the file is password-protected, so it's not obvious how a scanner will get it until it's opened. Notice that the e-mail includes the password (65316). In fact Norton finds it when the ZIP is opened and the extracted file hits the file system. The

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread maarten
On Wednesday 03 March 2004 12:31, David Kammering wrote: Hi, Attached backdoor not recognized by Kaspersky or Norton 2004? That zip-archive went right through our TrendMicro Virusgateway (newest Pattern files: 797) :-( Seems like the scanner(s) have problems with password-secured zips,

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Oliver Schneider
I agree that it might be Bagle.J, but F-Risk claims it's: The unpacked file's size is over 49 kilobytes. For me it was: yfivyjmg.exe was UPXed and has: MD5: b2e0559c9c3cea7bb7c37daec64e0f88 Size: 12288 Bytes yfivyjmg.exe unpacked has: MD5:

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Gregor Lawatscheck
Suresh Ponnusami wrote: Another variant against the Netsky virus. It is packed with UPX. It spreads with the password protected zip file, which gets bypassed through almost all the AV scanners with latest signature updates because No AV can decrypt it without the password. (though password is

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Martin Maok
On Wed, Mar 03, 2004 at 01:44:00PM +0100, maarten wrote: Well, what would you expect, that the virusgateway would brute-force crack the zip password ? No. It has only two options: A) Delete all password protected zipfiles regardless or B) Let any and all password protected zipfiles

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Bart . Lansing
No, what I would expect is that it has the smarts (and it does, we are doing it here with Trend) to look inside the Zip and stop any zip containing any .scr/.exe/.com/.you-name-executable files. Check your Trend (or whatever mail checker you are using) configs and set them appropriately.

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Jos Osborne
Does anyone else find this new development a bad idea? I'm of the mindset that anti-virus companies should stick with what they're good at -- namely, detecting and handling infected files. It seems a bad idea to start down the natural language processing road. Are they scanning just for

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Cael Abal
Another variant against the Netsky virus. It is packed with UPX. It spreads with the password protected zip file, which gets bypassed through almost all the AV scanners with latest signature updates because No AV can decrypt it without the password. (though password is in the message content),

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Bart . Lansing
Cael...take a more sensible approach...no password parsing to scan needed...have the AV/mail gateways stop any zip with any executable inside. You don't need to use the password to see that there is an .exe/.scr/.com/.whatever inside a zip. You see it, you nuke the zip. If your policies

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Larry Seltzer
The problem is the antivirus installed in the perimeter, that does not detect those samples. Exist some antivirus that detects the ZIP infected without knowing the password: I'm sure more of these detect it by now. I suppose SOP for these scanners has been to extract files from ZIPs and scan

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Schmehl, Paul L
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Suresh Ponnusami Sent: Wednesday, March 03, 2004 5:16 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky Another variant against the Netsky virus. It's

Re[2]: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Simbabque
] [mailto:[EMAIL PROTECTED] On Behalf Of Cael Abal Sent: Wednesday, March 03, 2004 8:57 AM To: Gregor Lawatscheck Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky What about messages in languages other than English? I can easily see this becoming

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Schmehl, Paul L
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cael Abal Sent: Wednesday, March 03, 2004 8:57 AM To: Gregor Lawatscheck Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky What about messages in languages

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread madsaxon
At 10:53 AM 3/3/2004 -0600, Schmehl, Paul L wrote: We need new/different technology that doesn't depend upon knowledge of the malicious program to prevent it from entering our networks. *Re*active technology will *always* fail initially, and that means there will always be a door open for bad

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Cael Abal
McAfee now detects the password protected zip files. (There are other things you can look for besides trying to decrypt the contents of the zip file. Also, zip passwords are weak and easily broken anyway.) Zip files may be /relatively/ easy to

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Cael Abal
Cael...take a more sensible approach...no password parsing to scan needed...have the AV/mail gateways stop any zip with any executable inside. You don't need to use the password to see that there is an .exe/.scr/.com/.whatever inside a zip. You

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Gregor Lawatscheck
Cael Abal wrote: Historically, passworded .zip files have been the only remotely acceptable way to e-mail executables. I'm hesitant to give that up. ACK. Some AV vendors even request samples of executables in passworded zips. I'd still rather allow all passworded .zips and rely on the client's

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Mike Barushok
Mar 2004, Schmehl, Paul L wrote: -Original Message- From: [EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 8:57 AM To: Gregor Lawatscheck Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky Leave passworded .zips alone -- take

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Aditya, ALD [Aditya Lalit Deshmukh]
'Password is a long yellow fruit enjoyed by monkeys.' which ones ? there are many types of them around here Leave passworded .zips alone -- take the sensible approach and catch an infected file once it's been extracted. that would be the best approach but it would make all the spam

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Rob Rosenberger
We need new/different technology that doesn't depend upon knowledge of the malicious program to prevent it from entering our networks. *Re*active technology will *always* I think you meant to say YOUR networks, right? The networks used by antivirus firms don't get infected. Granted,

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Aditya, ALD [Aditya Lalit Deshmukh]
The zip's contents can be seen without the password, just not unpacked...no cracking it required. now winrar has a option to encrypt file names with a password, me thinks pkzip with the 64 bit compression also has that feature... how are we going to deal with this ? by stopping all the
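The check Bart Lansing describes a few messages up (look at the names inside the ZIP and drop the archive if one of them is an executable, no password needed), worked through as an added example; this code is not part of any message in the thread. It rests on a property of the ZIP format: traditional PKWARE encryption and WinZip AES encrypt only each entry's data, while the central directory, with every file name and the flag word that marks an entry as encrypted, is stored in clear. The in-memory archive builder and the sample entries are constructed for the example, and the executable-extension list is an assumed policy. It does not cover the case Aditya raises above, an archiver option that encrypts the file names themselves (WinRAR's -hp): there the names are not readable and the gateway can only decide on the container type.

```python
"""Mail-gateway style check for ZIP attachments (example code, not from the
thread).  The ZIP central directory is never encrypted, so entry names and
flags can be listed without the password.  Sample archives are constructed
here; EXEC_EXTENSIONS is an assumed policy list."""
import binascii
import io
import os
import struct
import zipfile

# Assumed policy: any of these inside the archive gets the whole ZIP dropped.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Bit 0 of the general-purpose flag word marks an encrypted entry.
FLAG_ENCRYPTED = 0x0001


def build_zip(entries, encrypted):
    """Build a minimal stored (method 0) ZIP in memory.  Constructed sample.

    entries: list of (name, data).  With encrypted=True the flag bit is set
    and the entry payload is replaced by random bytes standing in for the
    12-byte PKWARE header plus ciphertext.  Nothing here ever decrypts it;
    the point is that the names in the central directory stay readable.
    """
    flags = FLAG_ENCRYPTED if encrypted else 0
    local, central = b"", b""
    for name, data in entries:
        payload = os.urandom(12 + len(data)) if encrypted else data
        crc = binascii.crc32(data) & 0xFFFFFFFF
        fname = name.encode("ascii")
        offset = len(local)
        # Local file header (30 bytes): sig, version, flags, method, time,
        # date (1980-01-01), crc, compressed size, uncompressed size,
        # name length, extra length; then the name and the payload.
        local += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0,
                             0, 0x21, crc, len(payload), len(data),
                             len(fname), 0) + fname + payload
        # Central directory header (46 bytes) followed by the name, which
        # is stored in clear regardless of `flags`.
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20,
                               flags, 0, 0, 0x21, crc, len(payload),
                               len(data), len(fname), 0, 0, 0, 0, 0,
                               offset) + fname
    # End of central directory record (22 bytes).
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries),
                       len(entries), len(central), len(local), 0)
    return local + central + eocd


def inspect_zip(blob):
    """Read only the central directory; return (encrypted_names, executable_names)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        infos = zf.infolist()  # listing needs no password
    encrypted = [i.filename for i in infos if i.flag_bits & FLAG_ENCRYPTED]
    executables = [i.filename for i in infos
                   if os.path.splitext(i.filename.lower())[1] in EXEC_EXTENSIONS]
    return encrypted, executables


def gateway_verdict(blob):
    """Policy from the thread: drop any ZIP holding an executable, password or not."""
    try:
        encrypted, executables = inspect_zip(blob)
    except zipfile.BadZipFile:
        return "reject: not a parseable ZIP"
    if executables:
        tag = " [entries encrypted]" if encrypted else ""
        return "reject: executable inside archive (%s)%s" % (", ".join(executables), tag)
    return "accept"


if __name__ == "__main__":
    # Constructed stand-in for the worm's attachment: encrypted entry, .exe name.
    worm_like = build_zip([("yfivyjmg.exe", b"MZ" + b"\x00" * 40)], encrypted=True)
    print(gateway_verdict(worm_like))
    print(gateway_verdict(build_zip([("notes.txt", b"hello")], encrypted=True)))
```

The lookup uses the last extension only, so a double-extension name such as `invoice.txt.exe` is still caught. Because `inspect_zip` never opens an entry, it runs at the same cost on encrypted and plain archives and cannot be stalled by a wrong password; an archive that fails to parse at all is rejected rather than passed, since a scanner that cannot read it is exactly what a worm author wants.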

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Stef
On Mar 3, 2004, at 10:22 AM, Schmehl, Paul L wrote: -Original Message- From: [EMAIL PROTECTED] Another variant against the Netsky virus. It is packed with UPX. It spreads with the password protected zip file, which gets bypassed through almost all the AV scanners with latest signature

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Schmehl, Paul L
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Rosenberger Sent: Wednesday, March 03, 2004 2:09 PM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky We need new/different technology that doesn't

RE: Re[2]: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Glenn_Everhart
to be secure... -Original Message- From: Simbabque [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: Re[2]: [Full-Disclosure] Backdoor not recognized by Kaspersky Anti-virus has *always* been an arms race and the anti-virus companies

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Larry Seltzer
I feel the need to address the problem from an ISP perspective, since the corporate and government and other institutional perspective seems to give different answers. And because the ISP end user problem is still the majority of the reservoir for viruses (and spam proxy/relay/trojans). I really

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Ron DuFresne
[SNIP] how about the smtp server simply rejecting mail from spoofed hosts ? as all the viruses generate spoofed hosts and it is very easy for any smtp server to do a dns lookup on the sending server, if the hostname / ip address do not match reject the message. Finally some

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Larry Seltzer
Security Center Editor http://security.eweek.com/ [EMAIL PROTECTED] -Original Message- From: Thor Larholm [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 6:47 PM To: Larry Seltzer; Mike Barushok; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

SMTP authentication (was: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky)

2004-03-03 Thread Nick FitzGerald
Larry Seltzer [EMAIL PROTECTED] wrote: I really feel for you guys. As I've argued in another thread, I think SMTP authentication will likely cut this stuff down to a trickle compared to the current volume. As an ISP, how big a problem would you have with that. An even better question: Would

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Martin Maok [EMAIL PROTECTED] wrote: C) try each word from the message as a password D) OCR all attached images and go to (C) with the result (I saw the smiley...) And there are trivial responses to this that would be introduced into the version after next of the virus (say, on Friday) if

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Aditya, ALD [Aditya Lalit Deshmukh] wrote: snip how about the smtp server simply rejecting mail from spoofed hosts ? as all the viruses generate spoofed hosts and it is very easy for any smtp server to do a dns lookup on the sending server, if the hostname / ip address do not match reject the

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Cael Abal [EMAIL PROTECTED] wrote: snip easy tricks to bypass 'password in message body' scanning ... I can easily see this becoming an arms-race, and one the anti-virus folks have no chance of winning. What do you mean becoming?? Known virus scanning is, by definition, an arms race which

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Stef [EMAIL PROTECTED] wrote: Someone on the ntbugtrack list mentioned earlier another possible solution for A/V gateways: checking for the extension of known-to-be-infected files, and appending the + sign at the end (e.g. .exe+). I have tried this on my first layer Norton Gateway, as well

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
madsaxon [EMAIL PROTECTED] wrote: As Rob Rosenberger has been preaching for years, the most sensible solution to this problem lies in heuristics, not reactive tactics. An ounce of prevention has always been worth a pound of cure. I think heuristics are over-rated for such applications. To be

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Schmehl, Paul L [EMAIL PROTECTED] wrote: McAfee now detects the password protected zip files. (There are other things you can look for besides trying to decrypt the contents of the zip file. Also, zip passwords are weak and easily broken anyway.) Though cracking is not, I believe, how it is

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Thor Larholm
From: Larry Seltzer [mailto:[EMAIL PROTECTED] if you can read the users login credentials to his corporate mailserver you are far better off. Rather casually put. How would you do this? I've heard how Swen asks the user for their credentials, but if you know a general crack for obtaining

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Ron DuFresne [EMAIL PROTECTED] wrote: how about the smtp server simply rejecting mail from spoofed hosts ? as all the viruses generate spoofed hosts and it is very easy for any smtp server to do a dns lookup on the sending server, if the hostname / ip address do not match reject the

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Thor Larholm wrote: SMTP authentication will not do much to stop viruses from spreading. Some viruses are already moving away from just implementing their own SMTP server to reusing whatever SMTP credentials you have on your machine. Having your own SMTP engine is a nice fallback solution

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Alexander MacLennan
rm -rf / that should do it Nick FitzGerald wrote: Ron DuFresne [EMAIL PROTECTED] wrote: how about the smtp server simply rejecting mail from spoofed hosts ? as all the viruses generate spoofed hosts and it is very easy for any smtp server to do a dns lookup on the sending server, if the

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Larry Seltzer [EMAIL PROTECTED] asked 'Thor Larholm': if you can read the users login credentials to his corporate mailserver you are far better off. Rather casually put. How would you do this? I've heard how Swen asks the user for their credentials, but if you know a general crack for

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Michael Gale
Hello, I suggest that most of you should subscribe to the postfix mailing list, it will provide you with a deep understanding of mail and what problems people face and how to solve them. For example if a mail server is sending you mail you should not be comparing it with some host name.

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread Nick FitzGerald
Michael Gale [EMAIL PROTECTED] wrote: OK stuff snipped Also do not accept mail for users that do not exist ... I know that a lot of Exchange servers and mis-configured front end mail servers accept mail for anything at their domain and usually if the mail is junk or from domains that do not