Information Security News mailing list archives

More CERT Documents Leaked


From: InfoSec News <isn () c4i org>
Date: Mon, 24 Mar 2003 02:38:27 -0600 (CST)

http://www.eweek.com/article2/0,3959,962683,00.asp

By Dennis Fisher
March 21, 2003 

The same person who earlier this week posted three unpublished CERT
Coordination Center vulnerability reports to a security mailing list
has again posted more of CERT's internal communications and has
promised to post further documents on a weekly basis.

This time, the person going by the name Hack4life has published an
e-mail message from a CERT employee advising an unnamed group of
portal Web sites about potential vulnerabilities related to the use of
Web redirectors by spammers.

In the message, submitted Friday afternoon to the Full Disclosure
list, Hack4life writes that these actions are intended to remind the
Internet community that "holes are not released to help the admins,
they are there to help the hackers and that is who should be using
them!"

Hack4life goes on to say that all future vulnerability reports will be
released at 7 p.m. on Friday "to give hackers the maximum amount of
time to actively exploit the vulnerability before sys-admins, CERT and
vendors can act to patch the issue on Monday morning after their
weekend off."

The message that Hack4life posted Friday is an e-mail supposedly
written by Ian Finlay, an Internet systems security analyst at CERT,
based at Carnegie Mellon University, in Pittsburgh. The e-mail
describes a technique that spammers have apparently begun using to
make recipients believe they're clicking on a link to a legitimate
site, such as MSN. In reality, the URL takes them to a Web redirector
on the legitimate page, which then bounces them to the spammer's page.

"This could be a hostile site, an unsavory site, or worse, a site
mocked up to look like the trusted site in an attempt to further trick
the user," Finlay writes in the message. He asks the recipients of the
message—who are not identified in the Full Disclosure posting—to
inspect their sites and evaluate their potential exposure to the
problem.

Hack4life last weekend posted to Full Disclosure three vulnerability
advisories that CERT had written and shared with software vendors, but
had not yet released to the general public. CERT officials said they
believe the documents had been deliberately leaked by someone with
legitimate access to them. However, in some published reports this
week, Hack4life took credit for stealing the reports from CERT's
computers.

A CERT spokesman was not immediately available to comment on this
story.



-
ISN is currently hosted by Attrition.org
