Full Disclosure mailing list archives

[Fwd: Legal Notification]

From: david.kennedy () acm org (David Kennedy CISSP)
Date: Tue, 03 Sep 2002 10:25:25 -0400

-----BEGIN PGP SIGNED MESSAGE-----

At 08:10 AM 9/3/02 -0400, Dave Aitel wrote:

*** PGP Signature Status: good
*** Signer: Dave Aitel (Immunity, Inc) <dave () immunitysec com>
(Invalid) *** Signed: 9/3/02 8:10:49 AM
*** Verified: 9/3/02 10:07:49 AM
*** BEGIN PGP VERIFIED MESSAGE ***


I figured I'd forward this on to the list as a warning.
-dave


It's not true.  It's part of a larger effort by one person to bring
discredit upon (ISC)^2 (note the accepted form of abbreviation). 
(ISC)^2 is aware of the general effort and is taking action they deem
appropriate.  They have established an e-mail address to accept
reports of suspicious e-mail and posted a web page on the issue to
the web site with a link on the http://www.isc2.org homepage.  See:
https://www.isc2.org/cgi-bin/content.cgi?page=173
 (note https; where you can also check the certificate w/your
browser)

There are several variants of this message, including two that
alledge the (ISC)^2 mail and DB servers were successfully hacked. 
Not true.

The attack has attempted to use several IT and IT-security related
mailing lists.


-0000 Received: from unknown (HELO isc2.org) (204.87.205.244) by

                ^^^^^^^                  ^^^^^^^^^^^^^^
Here is the first clue.  Each one of these I've seen so far, comes
from a host on one or more of the anti-spam RBL's.  This IP is
presently on proxies.relays.monkeys.com.  The IP block is registered
in Latin America, not from (ISC)^2's block nor (ISC)^2's MX.  So far
the attacker has not demonstrated the skill to completely spoof the
mail header, not to say he won't at some time in the future.


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
Comment: hacker=cybercriminal--the definition changed; get over it

iQCVAwUBPXTFlfGfiIQsciJtAQHqXAP/fUhLhcfGzxcSP6fq2CfBgk2BLRiRozhe
FhEr4WSL5Cz91Jo79cSuHvArGGCei4VduzI6pMmUp/oxEG2h2e1DhVG6CCHdYVRE
T9bDJXKBNCGwX4Oq4VYXw+vLcD7uWZwtCGW8cskw6EU+i4N0TO4bJYuRtXuV4KEB
H+iA72nutQc=
=gTSa
-----END PGP SIGNATURE-----

-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.

Current thread:

[Fwd: Legal Notification] Dave Aitel (Sep 03)
- [Fwd: Legal Notification] zeno (Sep 03)
  - [Fwd: Legal Notification] <mail () blazde co uk (Roland Postle) (Sep 03)
  - Re: [Fwd: Legal Notification] Matt Bruce (Sep 03)
- [Fwd: Legal Notification] J.A. Terranson (Sep 03)
- [Fwd: Legal Notification] Giordani Rodrigues (Sep 03)
- [Fwd: Legal Notification] Ken Pfeil (Sep 03)
- <Possible follow-ups>
- FW: [Fwd: Legal Notification] Ken Pfeil (Sep 03)
- [Fwd: Legal Notification] David Kennedy CISSP (Sep 03)
- Re: [Fwd: Legal Notification] Schmehl, Paul L (Sep 03)
- [Fwd: Legal Notification] crap producer (Sep 04)
- [Fwd: Legal Notification] Gary E. Miller (Sep 04)
- [Fwd: Legal Notification] Giordani Rodrigues (Sep 04)