• US-CERT bulletin

    From Ben Ritchey@1:393/68 to All on Mon Apr 13 21:46:58 2015
    NCCIC / US-CERT

    National Cyber Awareness System:

    TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information
    04/13/2015 03:36 PM EDT


    Original release date: April 13, 2015

    Systems Affected

    Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests.

    Overview

    A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

    Description

    AXFR is a protocol for "zone transfers" for replication of DNS data across multiple DNS servers. Unlike normal DNS queries that require the user to know some DNS information ahead of time, AXFR queries reveal subdomain names [1]. Because a zone transfer is a single query, it could be used by an adversary to efficiently obtain DNS data.

    A well-known problem with DNS is that zone transfer requests can disclose domain information; for example, see CVE-1999-0532 and a 2002 CERT/CC white paper [2][3]. However, the issue has regained attention due to recent Internet scans still showing a large number of misconfigured DNS servers. Open-source, tested scripts are now available to scan for the possible exposure, increasing the likelihood of exploitation [4].

    Impact

    A remote unauthenticated user may observe internal network structure, learning information useful for other directed attacks.

    Solution

    Configure your DNS server to respond only to zone transfer (AXFR) requests from known IP addresses. Many open-source resources give instructions on reconfiguring your DNS server. For example, see this AXFR article for information on testing and fixing the configuration of a BIND DNS server. US-CERT does not endorse or support any particular product or vendor.

    References

    [1] How the AXFR Protocol Works
    [2] Vulnerability Summary for CVE-1999-0532
    [3] Securing an Internet Name Server
    [4] Scanning Alexa's Top 1M for AXFR

    Revision History

    April 13, 2015: Initial Release

    ------------------------------------------------------------------------------

    This product is provided subject to this Notification and this Privacy & Use policy.


    ------------------------------------------------------------------------------
    OTHER RESOURCES:

    Contact Us | Security Publications | Alerts and Tips | Related Resources
    STAY CONNECTED:
    Sign up for email updates

    SUBSCRIBER SERVICES:
    Manage Preferences | Unsubscribe | Help


    --------------------------------------------------------------------------------
    This email was sent to Fido4cmech@lusfiber.net using GovDelivery, on behalf of:
    United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery



    --
    Guardien Fide :^)

    Ben aka cMech Web: http://cmech.dynip.com
    Email: fido4cmech(at)lusfiber.net
    Home page: http://cmech.dynip.com/homepage/
    WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1

    --- GoldED+/W32-MSVC
    * Origin: FIDONet - The Positronium Repository (1:393/68)
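
The Solution in the alert above, turned into an audit check (an added example, not part of the original post or of US-CERT's alert): it reads a BIND `named.conf` and reports zones whose effective `allow-transfer` is unset or includes `any`. The sample configuration is constructed, and treating an unset `allow-transfer` as open is an assumption based on the documented default of older BIND 9 releases.

```python
import re
# Constructed named.conf (not from the advisory); names and addresses are placeholders.
SAMPLE_CONF = '''
options { directory "/var/named"; };  // no global allow-transfer
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
zone "example.com" { type master; allow-transfer { secondaries; }; };
zone "example.net" { type master; allow-transfer { any; }; };
zone "example.org" { type master; file "example.org.zone"; };
'''

def block_body(text, start):
    """Return the text between the '{' at index start and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in configuration")

def transfer_acl(body):
    """Return the allow-transfer elements set in a block, or None if unset."""
    m = re.search(r"allow-transfer\s*\{", body)
    if m is None:
        return None
    return [e.strip() for e in block_body(body, m.end() - 1).split(";") if e.strip()]

def audit(conf):
    """Map each zone name to its effective AXFR exposure (view blocks are not handled)."""
    # Strip /* ... */, // and # comments before matching statements.
    text = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)
    opt = re.search(r"\boptions\s*\{", text)
    global_acl = transfer_acl(block_body(text, opt.end() - 1)) if opt else None
    findings = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        acl = transfer_acl(block_body(text, m.end() - 1))
        effective = acl if acl is not None else global_acl   # zone setting overrides global
        if effective is None:
            # Assumption: an unset allow-transfer permits any host (older BIND 9 default).
            findings[m.group(1)] = "OPEN: allow-transfer not set"
        elif "any" in effective:
            findings[m.group(1)] = "OPEN: allow-transfer includes any"
        else:
            findings[m.group(1)] = "restricted: " + ", ".join(effective)
    return findings

if __name__ == "__main__":
    print("\n".join(f"{z}: {s}" for z, s in audit(SAMPLE_CONF).items()))
```

Check the default for `allow-transfer` in the BIND version you run before relying on the "not set" finding, and confirm the result from an outside host that is not on the allowed list.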
  • From Paul Hayton@3:770/100 to Ben Ritchey on Tue Apr 14 19:44:51 2015
    On 04/13/15, Ben Ritchey pondered and said...

    NCCIC / US-CERT

    Thanks for posting Ben.

    Best, Paul

    --
    Agency BBS, New Zealand | bbs.geek.nz | telnet: agency.bbs.geek.nz:23

    --- Mystic BBS v1.10 (Windows)
    * Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)
  • From Ben Ritchey@1:393/68 to All on Thu Apr 14 17:34:57 2016
    U.S. Department of Homeland Security US-CERT

    National Cyber Awareness System:

    TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
    04/14/2016 03:48 PM EDT


    Original release date: April 14, 2016

    Systems Affected
    Microsoft Windows with Apple QuickTime installed

    Overview
    According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1]

    Description
    All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1]

    The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for Windows. [2] [3]

    Impact
    Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss. Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems.

    Solution
    Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime page. [4]

    References
    [1] Trend Micro - Urgent Call to Action: Uninstall QuickTime for Windows Today
    [2] Zero Day Initiative Advisory ZDI 16-241: (0Day) Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerabilit
    [3] Zero Day Initiative Advisory ZDI 16-242: (0Day) Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulner
    [4] Apple - Uninstall QuickTime 7 for Windows
    Revision History
    April 14, 2016: Initial Release

    --------------------------------------------------------------------------------

    This product is provided subject to this Notification and this Privacy & Use policy.


    --------------------------------------------------------------------------------
    A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@us-cert.gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@ncas.us-cert.gov to your address book.

    === Cut ===


    --
    Keep the faith :^)

    Ben aka cMech Web: http|ftp|telnet://cmech.dynip.com
    Email: fido4cmech(at)lusfiber.net
    Home page: http://cmech.dynip.com/homepage/
    WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1

    --- GoldED+/W32-MSVC
    * Origin: FIDONet - The Positronium Repository (1:393/68)