Full Disclosure mailing list archives
[Fwd: Legal Notification]
From: david.kennedy () acm org (David Kennedy CISSP)
Date: Tue, 03 Sep 2002 10:25:25 -0400
-----BEGIN PGP SIGNED MESSAGE----- At 08:10 AM 9/3/02 -0400, Dave Aitel wrote:
*** PGP Signature Status: good *** Signer: Dave Aitel (Immunity, Inc) <dave () immunitysec com> (Invalid) *** Signed: 9/3/02 8:10:49 AM *** Verified: 9/3/02 10:07:49 AM *** BEGIN PGP VERIFIED MESSAGE *** I figured I'd forward this on to the list as a warning. -dave
It's not true. It's part of a larger effort by one person to bring discredit upon (ISC)^2 (note the accepted form of abbreviation). (ISC)^2 is aware of the general effort and is taking action they deem appropriate. They have established an e-mail address to accept reports of suspicious e-mail and posted a web page on the issue to the web site with a link on the http://www.isc2.org homepage. See: https://www.isc2.org/cgi-bin/content.cgi?page=173 (note https; where you can also check the certificate w/your browser) There are several variants of this message, including two that alledge the (ISC)^2 mail and DB servers were successfully hacked. Not true. The attack has attempted to use several IT and IT-security related mailing lists.
Return-Path: <info () isc2 org> Delivered-To: immunitysec-com-dave () immunitysec com Received: (qmail 37832 invoked from network); 3 Sep 2002 11:21:32 -0000 Received: from unknown (HELO isc2.org) (204.87.205.244) by
^^^^^^^ ^^^^^^^^^^^^^^ Here is the first clue. Each one of these I've seen so far, comes from a host on one or more of the anti-spam RBL's. This IP is presently on proxies.relays.monkeys.com. The IP block is registered in Latin America, not from (ISC)^2's block nor (ISC)^2's MX. So far the attacker has not demonstrated the skill to completely spoof the mail header, not to say he won't at some time in the future. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 Comment: hacker=cybercriminal--the definition changed; get over it iQCVAwUBPXTFlfGfiIQsciJtAQHqXAP/fUhLhcfGzxcSP6fq2CfBgk2BLRiRozhe FhEr4WSL5Cz91Jo79cSuHvArGGCei4VduzI6pMmUp/oxEG2h2e1DhVG6CCHdYVRE T9bDJXKBNCGwX4Oq4VYXw+vLcD7uWZwtCGW8cskw6EU+i4N0TO4bJYuRtXuV4KEB H+iA72nutQc= =gTSa -----END PGP SIGNATURE----- -- Regards, David Kennedy CISSP /"\ Director of Research Services, \ / ASCII Ribbon Campaign TruSecure Corp. http://www.trusecure.com X Against HTML Mail Protect what you connect; / \ Look both ways before crossing the Net.
Current thread:
- [Fwd: Legal Notification] Dave Aitel (Sep 03)
- [Fwd: Legal Notification] zeno (Sep 03)
- [Fwd: Legal Notification] <mail () blazde co uk (Roland Postle) (Sep 03)
- Re: [Fwd: Legal Notification] Matt Bruce (Sep 03)
- [Fwd: Legal Notification] J.A. Terranson (Sep 03)
- [Fwd: Legal Notification] Giordani Rodrigues (Sep 03)
- [Fwd: Legal Notification] Ken Pfeil (Sep 03)
- <Possible follow-ups>
- FW: [Fwd: Legal Notification] Ken Pfeil (Sep 03)
- [Fwd: Legal Notification] David Kennedy CISSP (Sep 03)
- Re: [Fwd: Legal Notification] Schmehl, Paul L (Sep 03)
- [Fwd: Legal Notification] crap producer (Sep 04)
- [Fwd: Legal Notification] Gary E. Miller (Sep 04)
- [Fwd: Legal Notification] Giordani Rodrigues (Sep 04)
- [Fwd: Legal Notification] zeno (Sep 03)