[Mimedefang] Re: OT: Email web form exploits

Ian Mitchell trash at aftermagic.com
Tue Sep 6 12:49:24 EDT 2005 

Not to make a statement here, but as I have worked as/with the "feds" for
many years, I think these attacks are a tad prejudice and ill placed on
this mailing list.

However, in regards to your statements about or against contacting the
"feds" to alert them of this new exploit. The comment made earlier of
people being clueless is inaccurate. There are organizations across the
world, some of which are indeed "feds" that make it their sole purpose to
know these sorts of things.

I would recommend contacting the vendors first, if they're homegrown
scripts, contact the author. Give them a chance to secure their code. Then
after a set amount of time, disclose your vulnerability to the bugtraq
list at www.securityfocus.com, might even decide to submit it to the
various CERT's out there for investigation. cert.mil, cert.gov, cert.org,
etc...

In the very least, your investigation and reporting of the incidents at
hand can help folks in the Snort community and other IA communities do
develop rules to catch network traffic that does exploit it.

Don't nessassarily expect a response. These oganizations get millions of
emails a day (undoubtly) so there may be some disconnect. But they do take
things seriously. You're best bet to let it be known is to publish it to
places like Bugtraq. (AFTER you contact the vendor)

Heck you may even consider bouncing it off the handlers at isc.sans.org
and see if they're detecting an increase in traffic across the Internet
that is indeed exploiting it. Might just be that you found an isolated
incident. Who knows.

Best of luck.
Ian.

>>      If I was the Feds I would simply tell you to go away and secure
>>your system.  And, if you are working for an organisation where your
>>systems must be secure by law, I would sic the appropriate agency on
>>you.
>
> And, you already sound like a government worker.  Totally bad attitude.  I
> expect to speak to someone like you today.  I am sure I will find a way
> around the front guard, then maybe not.  There are plenty of folks like
> you
> in the government.
>

More information about the MIMEDefang mailing list