[2]: [Dshield] New Microsoft Windows RPC vulnerability

Micheal Patterson micheal at tsgincorporated.com
Thu Sep 11 20:01:11 GMT 2003

----- Original Message ----- 
From: "Kenneth Coney" <superc at visuallink.com>
To: <list at dshield.org>
Sent: Thursday, September 11, 2003 1:14 PM
Subject: Re: [2]: [Dshield] New Microsoft Windows RPC vulnerability

> Anytime MS "releases" a patch it means they knew about the hole and spent
> time and money to come up with a patch.  I suspect some of the patches
> a long time to write.  Logic dictates there are probably still more
> unwritten, not yet fully tested patches to come.  This means there
> are other holes MS hasn't spoken of yet.  At the same time actual
> government agencies of several countries look for holes.  Probably they
> know of one or two MS hasn't released or possibly even found out about
> Decades ago I worked at a place that had a short, command string that
> be typed in at any terminal by any person knowing the string.  It was
> button to be used only under certain extreme conditions, which thankfully
> never happened.  Entry of the command string from any connected terminal
> anywhere deleted all files on every connected device and initiated a
> degauss process on all related drums (drums.., am I showing age or what?).
>   I always thought that would be nasty thing (but possibly desirable to
> kind of thinking that liked the original V chip as originally proposed) to
> bury deep in a rom code on a chip or similar somewhere on a machine sold
> for Internet use.  There is a Desert Storm rumor about something like that
> involving a certain phone system which some of you might have heard.
> Consequentially, I, for reasons of paranoia, have removable backups of my
> needed data some machines that are unconnected to any net and advise all
> do the same.

I too, being from a military comm background have had to be familiar with
emergency destruction of data systems. One location that I was assigned, had
thermite charges internal to the equipment and the charge was marked with a
large red X. The site held 2 .38's in a secured cabinet and should the
equipment need to be destroyed, the two ranking individuals would take those
weapons and shoot the center of the X's to ignite the charges and slag the

In regards to that Desert Storm switch,  a rumor at least on one tactical
telephone system. It may have been removed on later versions of the system,
however, during my time (265 days) in Desert Storm, it was indeed on our
switch and was a requirement to know when and under what circumstances to
use it. This command was internal to the hard coded command set of the
system. It was designed to be used to prevent any data falling into enemy
hands in the event of a site overrun. Once activated, you would be required
to confirm the request twice for safety. After that, the activated subsystem
would make a dual pass over all active memory registers and connected media
systems on both the primary and stand by processors. First pass was all 1's,
second pass was all zero's. The eprom that held the plt boot instruction set
would be wiped in a similar manner.  It was recommended to remove the tapes
from the bays and physically destroy them if time permitted, however, should
they be left in their bay's, they too would be erased after active memory
was rendered useless.

If Uncle doesn't want you to see it, he'll take every measure you can think
of, and some you can't to keep you from laying eyes on it.


Micheal Patterson
TSG Network Administration

Confidentiality Notice:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original

More information about the list mailing list