[Esd-l] What file-endings should be stopped for this ?
Mark_Saunders at piucorp.com
Wed Feb 27 07:33:01 PST 2002
Here are a few suggestions:
In addition, if your firewall (or Squid, if you use it) supports mime type
blocking, block audio/x-wav, as this is what Nimda uses.
Tommy Lindqvist wrote:
> the mp3 files are obvious choices for this. Mainly what I was wondering is
> what other file endings may be used.
> If I underkstood the report correctly, it is script sequences for
> Real Player that is used, so both Mediaplayer of version 7+ and Real player
> would be vulnerable to next generation SirCamm.
> ( If I remember correctly, SirCamm fooled the (non)existant security
> in Outlook by calling itself audio/wav even though it was a .exe file. )
> Here comes a perfectly valid mediafile correctly identified as audio/wav,
> and the correct application is launched, and then the script starts to run.
> Thus the need to poison all kind of files that Mediaplayer/Realplayer opens
> by default.
> I do not know all of them, although a good guess would be
> At 08:56 2002-02-27 -0600, Michael Geier wrote:
> >Well, you can ask yourself "do my users need to be emailing each
> >other .mp3 files?"...
> >1. ( yes ) find a strong ceiling, a length of rope and a
> > wobbily chair...
> >2. ( no ) poison .mp3, or mangle .mp3 with a strong warning
> > to your users about .mp3 files, URL-encoding and
> > Windows Media Player
> >Also, this only effects Windows Media Player (WMP). Using Winamp,
> >the song actually stops before the first encoded URL.
> >-----Original Message-----
> >From: esd-l-admin at spconnect.com [mailto:esd-l-admin at spconnect.com]On
> >Behalf Of Tommy Lindqvist
> >Sent: Wednesday, February 27, 2002 2:41 AM
> >To: esd-l at spconnect.com
> >Subject: [Esd-l] What file-endings should be stopped for this ?
> >( Windows using commands hidden in mp3-files. ( I do not know
> >what other endings may be used for these kind of players. (
> >Systems Manager |\ _,,,---,,_ Saab Ericsson Space AB
> >Postmaster /,`.-'`' -. ;-;;,_ tommy.lindqvist at space.se
> > |,4- ) )-,_. ,\ ( `'-' +46 (0)31 735 4391
> >*************** '---''(_/--' `-'_)
> >Tommy Lindqvist
> >Esd-l mailing list
> >Esd-l at spconnect.com
> Systems Manager |\ _,,,---,,_ Saab Ericsson Space AB
> Postmaster /,`.-'`' -. ;-;;,_ tommy.lindqvist at space.se
> |,4- ) )-,_. ,\ ( `'-' +46 (0)31 735 4391
> *************** '---''(_/--' `-'_)
> Tommy Lindqvist
> Esd-l mailing list
> Esd-l at spconnect.com
mv $win /dev/null
More information about the esd-l