[2]: [Dshield] New Microsoft Windows RPC vulnerability

Kenneth Coney superc at visuallink.com
Sat Sep 13 01:44:14 GMT 2003


Nope.  Wrong rumor.  I meant the one about all of the Soviet Union's
critical phone systems going dead for 5 full minutes on a command given
with a whistle 30 seconds before the first attack and the story behind it.
Probably just another urban Puzzle Palace rumor.  :)


Subject: Re: [2]: [Dshield] New Microsoft Windows RPC vulnerability
From: "Micheal Patterson" <micheal at tsgincorporated.com>
Date: Thu, 11 Sep 2003 15:01:11 -0500
To: "General DShield Discussion List" <list at dshield.org>

----- Original Message -----
From: "Kenneth Coney" <superc at visuallink.com>
To: <list at dshield.org>
Sent: Thursday, September 11, 2003 1:14 PM
Subject: Re: [2]: [Dshield] New Microsoft Windows RPC vulnerability



>> Anytime MS "releases" a patch it means they knew about the hole and spent
>> time and money to come up with a patch.  I suspect some of the patches took
>> a long time to write.  Logic dictates there are probably still more
>> unwritten, not yet fully tested patches to come.  This means there probably
>> are other holes MS hasn't spoken of yet.  At the same time actual
>> government agencies of several countries look for holes.  Probably they
>> know of one or two MS hasn't released or possibly even found out about yet.
>>
>> Decades ago I worked at a place that had a short command string that could
>> be typed in at any terminal by any person knowing the string.  It was a panic
>> button to be used only under certain extreme conditions, which thankfully
>> never happened.  Entry of the command string from any connected terminal
>> anywhere deleted all files on every connected device and initiated a
>> degauss process on all related drums (drums.., am I showing age or what?).
>> I always thought that would be a nasty thing (but possibly desirable to the
>> kind of thinking that liked the original V chip as originally proposed) to
>> bury deep in a rom code on a chip or similar somewhere on a machine sold
>> for Internet use.  There is a Desert Storm rumor about something like that
>> involving a certain phone system which some of you might have heard.
>> Consequently, I, for reasons of paranoia, have removable backups of my
>> needed data on some machines that are unconnected to any net and advise all to
>> do the same.


I too, being from a military comm background, have had to be familiar with
emergency destruction of data systems. One location that I was assigned to had
thermite charges internal to the equipment, and the charge was marked with a
large red X. The site held 2 .38's in a secured cabinet, and should the
equipment need to be destroyed, the two ranking individuals would take those
weapons and shoot the center of the X's to ignite the charges and slag the
equipment.

In regards to that Desert Storm switch, a rumor at least on one tactical
telephone system. It may have been removed on later versions of the system;
however, during my time (265 days) in Desert Storm, it was indeed on our
switch, and it was a requirement to know when and under what circumstances to
use it. This command was internal to the hard-coded command set of the
system. It was designed to be used to prevent any data falling into enemy
hands in the event of a site overrun. Once activated, you would be required
to confirm the request twice for safety. After that, the activated subsystem
would make a dual pass over all active memory registers and connected media
systems on both the primary and standby processors. The first pass was all 1's,
the second pass was all zeros. The EPROM that held the plt boot instruction set
would be wiped in a similar manner.  It was recommended to remove the tapes
from the bays and physically destroy them if time permitted; however, should
they be left in their bays, they too would be erased after active memory
was rendered useless.

If Uncle doesn't want you to see it, he'll take every measure you can think
of, and some you can't to keep you from laying eyes on it.

--

Micheal Patterson
TSG Network Administration
405-917-0600



