| Independence
hoax
This was a joke, which was distributed as an official-looking CERT
alert and was based on the movie 'Independence Day'. Here is the
original message:
Independence Day - CERT alert
--------------------------------------------------------------------------
From: CERT Bulletin
Newsgroups: comp.security.announce,rec.humor
Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability
Date: 4 July 1996 20:52:15 GMT
Organization: CERT(sm) Coordination Center - +1 412-268-7090
==========================================================================
CERT(sm) Advisory CA-96.13
July 4, 1996
Topic: ID4 virus, Alien/OS Vulnerability
--------------------------------------------------------------------------
The CERT Coordination Center has received reports of weaknesses in Alien/OS that can allow
species with primitive information sciences technology to initiate denial-of-service attacks
against MotherShip(tm) hosts. One report of exploitation of this bug has been received.
When attempting takeover of planets inhabited by such races, a trojan horse attack is
possible that permits local access to the MotherShip host, enabling the implantation of
executable code with full root access to mission-critical security features of the operating
system. The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1
or later, and all versions of Microsoft's Windows/95. CERT advises against initiating further
planet takeover actions until patches are available from these vendors. If planet takeover is
absolutely necessary, CERT advises that affected sites apply the workarounds as
specified below. As we receive additional information relating to this advisory, we will
place it in ftp://info.cert.org/pub/cert_advisories/CA-96.13.README
We encourage you to check our README files regularly for updates on
advisories that relate to your site.
--------------------------------------------------------------------------
I. Description
Alien/OS contains a security vulnerability, which strangely enough can be exploited by
a primitive race running Windows/95. Although Alien/OS has been extensively field
tested over millions of years by EvilAliens, Inc., the bug was only recently discovered
during a routine invasion of a backwater planet. EvilAliens notes that the operating
system had never before been tested against a race with "such a kick-ass president."
The vulnerability allows the insertion of executable code with root access to key security
features of the operating system. In particular, such code can disable the NiftyGreenShield
(tm) subsystem, allowing child processes to be terminated by unauthorized
users.
Additionally, Alien/OS networking protocols can provide a low-bandwidth covert timing
channel to a determined attacker.
II. Impact
Non-privileged primitive users can cause the total destruction of your entire invasion
fleet and gain unauthorized access to files.
III. Solution
EvilAliens has supplied a workaround and a patch, as follows:
A. Workaround
To prevent unauthorized insertion of executables, install firewall to selectively vaporize
incoming packets that do not contain valid aliens. Also, disable the "Java" option in
Netscape.
To eliminate the covert timing channel, remove untrusted hosts from routing tables.
As tempting as it is, do not use target species' own satellites against them.
B. Patch
As root, install the "evil" package from the distribution tape. (Optionally) save a copy
of the existing /usr/bin/sendmail and modify its permission to prevent misuse.
--------------------------------------------------------------------------
The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for
providing information for this advisory.
--------------------------------------------------------------------------
If you believe that your system has been compromised, contact the CERTCoordination
Center or your representative in the Forum of Incident Response and Security Teams (FIRST).
We strongly urge you to encrypt any sensitive information you send by email. The CERT
Coordination Center can support a shared DES key and PGP. Contact the CERT staff for
more information. Location of CERT PGP key
ftp://info.cert.org/pub/CERT_PGP.key
CERT Contact Information
------------------------
Email [email protected]
Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.
Fax +1 412-268-6989
Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA
CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
http://www.cert.org/
ftp://info.cert.org/pub/
CERT advisories and bulletins are also posted on the USENET newsgroup comp.security
.announce
To be added to our mailing list for CERT advisories and bulletins, send your email address to
[email protected]
Copyright 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission
provided it is used for noncommercial purposes and the copyright
statement is included.
CERT is a service mark of Carnegie Mellon University.
Please Note this is only a joke
*********************************
List
of known hoaxes:
A B C D E F G H I J K L M N O P Q R S T U V X Y Z
Welcome to my hoax section if
you encounter a message about a virus please send to [email protected]
or call me on ICQ#22015420
I
do not spread hoaxes! these pages are simply to inform other
users that they are hoaxes. Please to not spread hoaxes.
Hoax warnings are typically scare alerts started by malicious
people - and passed on by innocent users who think they
are helping the community by spreading the warning.
Do
not forward hoax messages. There have been cases where e-mail
systems have collapsed after dozens of users forwarded a
false alert to everybody in the company. Corporate users
can get rid of the hoax problem by simply setting a strict
company guideline: End users must not forward virus alarms.
Ever. If such message is received, end users could forward it to the IT department
but not to anyone else.
|
|
