[ISN] More CERT Documents Leaked

From: InfoSec News (isnat_private)
Date: Mon Mar 24 2003 - 00:38:27 PST

    By Dennis Fisher
    March 21, 2003

    The same person who earlier this week posted three unpublished CERT
    Coordination Center vulnerability reports to a security mailing list
    has again posted more of CERT's internal communications and has
    promised to post further documents on a weekly basis.

    This time, the person going by the name Hack4life has published an
    e-mail message from a CERT employee advising an unnamed group of
    portal Web sites about potential vulnerabilities related to the use of
    Web redirectors by spammers.

    In the message, submitted Friday afternoon to the Full Disclosure
    list, Hack4life writes that these actions are intended to remind the
    Internet community that "holes are not released to help the admins,
    they are there to help the hackers and that is who should be using

    Hack4life goes on to say that all future vulnerability reports will be
    released at 7 p.m. on Friday "to give hackers the maximum amount of
    time to actively exploit the vulnerability before sys-admins, CERT and
    vendors can act to patch the issue on Monday morning after their
    weekend off."

    The message that Hack4life posted Friday is an e-mail supposedly
    written by Ian Finlay, an Internet systems security analyst at CERT,
    based at Carnegie Mellon University, in Pittsburgh. The e-mail
    describes a technique that spammers have apparently begun using to
    make recipients believe they're clicking on a link to a legitimate
    site, such as MSN. In reality, the URL takes them to a Web redirector
    on the legitimate page, which then bounces them to the spammer's page.

    "This could be a hostile site, an unsavory site, or worse, a site
    mocked up to look like the trusted site in an attempt to further trick
    the user," Finlay writes in the message. He asks the recipients of the
    message—who are not identified in the Full Disclosure posting—to
    inspect their sites and evaluate their potential exposure to the

    Hack4life last weekend posted to Full Disclosure three vulnerability
    advisories that CERT had written and shared with software vendors, but
    had not yet released to the general public. CERT officials said they
    believe the documents had been deliberately leaked by someone with
    legitimate access to them. However, in some published reports this
    week, Hack4life took credit for stealing the reports from CERT's

    A CERT spokesman was not immediately available to comment on this