[Full-Disclosure] Britannia Security Advisory 001-2004 version 1.0
etomcat at freemail.hu
Mon Jan 26 16:33:53 GMT 2004
Britannia Security Advisory 001-2004 version 1.0
Valid input at vulnerable ports can result in loss of system integrity.
Operating system: Microsoft
Hardware: William H. Gates III
Attack method: small natural variations in regular operation of legacy
systems may result in data transfer vector hitting incorrect port on
Only particular legacy systems can act as attack source.
Vendor: Windsor (formerly Saxe-Coburg-Gotha)
Model: QE2 revision 1926
Attack data packet (Label:Offset) KBE:1917
Specific packet data in ASCII format follows:
"Knight Commander of the Most Excellent Order of the British Empire"
Symptoms: Loss of systems integrity, ear falls off.
a., Replace attacker.
Prior consultation recommended, see: Rumsfeld, Donald
Pro: Some irish guys will thank you
Con: High costs, popular resistance, media fallout needs be considered
b., Hire "set a thief to catch a chief" whitehat with prior blackhat
experience in such ear attacks to evaluate risks and assess defensive
methods. See: Simon "Kefas The Stone" Peter
Pro: documented to work
Con: most vendors refuse to deal with ex black-hats,
named consultant a known liar.
c., Physical protection of the vulnerable system recommended. See:
a., Apply patches and cover damages with insurance policy. Forensics
almost never required, but surgery can restore systems integrity
up to 90-95%.
a., Hire consultant with prior experience in similar environment, who
advises on mitigating long-term effects of said systems integrity breach.
See: Lauda, Niki, Formula 1, Champion, Three times.
c., Whitehat already mentioned under paragraph "Proactive / b." may
contract a specialist, who is certified to restore ears integrity 100%.
Pro: Successful transaction can result in reception of further input
values. See: beatification, canonization, sainthood
Con: May require prior consultation with a joint polish-italian competitor
by the brand name JPII. May require changing vendor to a JPII
recommended supplier, which can result in loss of original input data,
due to vendor incompatibility between the attacker and 3rd party
End of security advisory 001-2004-version 1.0
Consumer version of security bulletin available at:
Last modified: 26/01/2004 16:35GMT 8-)
Full-Disclosure is hosted and sponsored by Secunia.