Security Incidents mailing list archives

RE: They got me!!!

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 6 Apr 2006 08:58:14 -0700

I'm guessing your kids got nailed with malware/peer to peer 
trojans because they've been surfing places they shouldn't have.


  I was with you, up to this point.

  Microsoft used to classify a whole bunch of IE bugs as "minor"
on the grounds that users would only be at risk if they visited
"shady" web sites.  I don't think they do that any more.
  What happened is that someone hacked into a hosting provider,
and defaced *all* of the domains hosted there -- hundreds of them.
But instead of just scrawling visible graffiti on the pages, they
just added a bit of code to exploit one or more "minor" IE bugs....

  The upshot is that users cannot, with any reliability, be expected
to make judgements about the safety of sites that they visit.

  Popular sites that are poorly maintained, on servers that are not 
kept patched, are probably riskier than average, but your statement
above suggests a more general correlation with content than I think 
can be established.

David Gillett, CISSP

Current thread:

They got me!!! pentesticle (Apr 05)
- Re: They got me!!! Ivan . (Apr 05)
- Re: They got me!!! Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Apr 05)
  - Re: They got me!!! Dude VanWinkle (Apr 06)
  - RE: They got me!!! lucretias (Apr 06)
    - Re: They got me!!! Eliah Kagan (Apr 06)
    - Re: They got me!!! Valdis . Kletnieks (Apr 06)
  - RE: They got me!!! David Gillett (Apr 06)
- RE: They got me!!! Terry Vernon (Apr 06)
  - Re: They got me!!! l00t3r (Apr 06)
    - Re: They got me!!! Jamie Riden (Apr 06)
- Re: They got me!!! Colin Copley (Apr 06)
- <Possible follow-ups>
- RE: They got me!!! Levenglick, Jeff (Apr 06)
- Re: Re: They got me!!! john . fellers (Apr 06)
- Re: Re: They got me!!! pentesticle (Apr 06)
- RE: Re: They got me!!! Levenglick, Jeff (Apr 06)
  - Re: Re: They got me!!! Eliah Kagan (Apr 06)