http://www.eweek.com/article2/0,3959,962683,00.asp

By Dennis Fisher
March 21, 2003

The same person who earlier this week posted three unpublished CERT Coordination Center vulnerability reports to a security mailing list has again posted more of CERT's internal communications and has promised to post further documents on a weekly basis.

This time, the person, going by the name Hack4life, has published an e-mail message from a CERT employee advising an unnamed group of portal Web sites about potential vulnerabilities related to the use of Web redirectors by spammers.

In the message, submitted Friday afternoon to the Full Disclosure list, Hack4life writes that these actions are intended to remind the Internet community that "holes are not released to help the admins, they are there to help the hackers and that is who should be using them!"

Hack4life goes on to say that all future vulnerability reports will be released at 7 p.m. on Friday "to give hackers the maximum amount of time to actively exploit the vulnerability before sys-admins, CERT and vendors can act to patch the issue on Monday morning after their weekend off."

The message that Hack4life posted Friday is an e-mail supposedly written by Ian Finlay, an Internet systems security analyst at CERT, based at Carnegie Mellon University, in Pittsburgh. The e-mail describes a technique that spammers have apparently begun using to make recipients believe they're clicking on a link to a legitimate site, such as MSN. In reality, the URL takes them to a Web redirector on the legitimate page, which then bounces them to the spammer's page.

"This could be a hostile site, an unsavory site, or worse, a site mocked up to look like the trusted site in an attempt to further trick the user," Finlay writes in the message. He asks the recipients of the message—who are not identified in the Full Disclosure posting—to inspect their sites and evaluate their potential exposure to the problem.

Hack4life last weekend posted to Full Disclosure three vulnerability advisories that CERT had written and shared with software vendors, but had not yet released to the general public. CERT officials said they believe the documents had been deliberately leaked by someone with legitimate access to them. However, in some published reports this week, Hack4life took credit for stealing the reports from CERT's computers. A CERT spokesman was not immediately available to comment on this story.