
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-01-02



Here it is -- Your turn to be heard

Published: 2005-01-02
Last Updated: 2005-01-04 19:23:56 UTC
by Tony Carothers (Version: 1)
Reader Diary

As the Editor of today's postings, I am taking the liberty of first comments, so here ya go .....

I'd like to thank all that have contributed to make this what it is, and those that have helped me as well. Those include, but are not limited to:

Johannes & Marcus for making this possible for all of us. Scott F., Patrick N., Michael H., and Chris B. for your insight and advice. Gonzopancho for your patience, guidance, and understanding. Last, but not least, Lorna H. for all you've done, including the invitation to the desert.



Tony Carothers

Handler on Duty

---

---
Hi ISC,

The first time I visited storm center, I was looking for the global trend pattern in the port traffic after the 0 day! Since then it has become my Home Page, so I know what is going on before I visit any other page!

Best Webcast was on Malware by Ed Skoudis and his book Titled "Malware - Fighting Malicious code"

I advise every one to make http://isc.sans.org as their home page!

Wish You All Very Happy New Year!

I salute the BEST voluntary job done by you all!


Best regards,
Ramu

---

---
As the lone technical person in a very small start-up company, I have
the secondary responsibility (and pleasure) of architecting,
protecting, and maintaining our computing infrastructure, while also
tending to my primary responsibilities. When I took this position
several months ago, I knew security was one of my weaker areas, and so
I made the SANS ISC my browser homepage. The daily Handler Diaries
have been a God-send for me, helping me stay one step ahead of the
malware coming at my systems from so many vectors. Thank you,
handlers, for providing concise, timely and useful information to
those of us who don't have the time to do the research ourselves!

Patrick K.

---

---
While the ISC handlers sure have earned high praise for their work, my
Kudos for the best ITSec Innovation in 2004 go to the folks at Hispasec
for http://www.virustotal.com, a free service that allows to automatically
scan a suspicious file with a dozen different anti virus products.

Daniel W

---

---
The ISC Handler's Diary is one of my three required pages to check every day, and it has the best information per time spent ratio of any resource. I also like how you guys are informal on it, it's very readable and presents better information than if it went through some kind of "officializing" filter. So thanks for it, you are all appreciated.

James Foster

---

---
Cheers, ISC! You've done us great justice. Keep up the good work.

"Don't mistake a temptation for an opportunity. After that, the rest will
follow."
---
Michael F. Rork

---

---
I am a 65 year old computer geek wannabe. I don't remember how I first discovered your website but I immediately bookmarked it and for every day of the last 3 years, I have read, quoted from and referred users to it. It is the first place I go every morning and the last place I visit every night. You have educated, warned and, on occasion, amused me every one of those days. I may never reach the level of computer literacy of some of your readers but none could appreciate you more than I do. The continuing dedication of your volunteers has helped me create a safe and protected OS. Thank you for being there.

With sincere appreciation,

Anne

---

---
I just want to say a resounding THANK YOU! to all the handlers who work so hard, around the clock, for the Internet Storm Center. There are many system administrators like me who manage small business networks without the benefit of 3000 US$ seminars every few months. We are able to glean much good information from the Handler's Diary and from all the other resources at ISC.
Handlers, your labors are appreciated.

Christopher Smith
Virginia, USA

---

---
A big thank you to the ISC and the handlers for a great job. You're the
first site I check in the morning to get the latest info on security
threats.

Norman.

---

---
Well, another year comes to an end.

And you asked for it, so
here it is.

Thanks kindly for "The Handlers Diary".

It is, quite literally, the first thing I read when I
start my work day (be that day, evening, wee hours of the
morning, or whenever).

It is often the last thing I glance at before
logging off for the night (morning, day, whatever).
after checking email for that last time.

I've shared what I've read there with others and
all in all, tried to be a good netizen, this year,
as in many years past, and for the new year as well.

Your musings and notices and occasional admonishments
are a big help in that task.

So,

There it is.

Keep up the good work,

--chipper

---

---
Just a quick note to say thanks for all the posts from the last year. ISC is the place I go first to find out what's going on. And you do it with a nice sense of humor. Keep up the good work and thanks.

Have a safe and Happy New Year.

--
Mark-Allen Perry

---

---
====

"Contained within this vine, of white magnolias, red and green, exists a cipher
of mystical beauty. Control the vine and it is yours to use; let it grow freely
and you will be a prisoner to its thorns. Contained within this vine, of white
magnolias, red and green, exists a voice. Speak to the voice, and it will speak
to you. This is the mystical beauty." -- NoamEppel.com

====

Thank you and HAPPY NEW YEARS! Keep up the great work!

Noam Eppel

---

---
I would like to thank ISC for the professional service
that is offered through the web portal. It is nice to
have such a resource where one can get the 'big
picture' quickly. I have used your site for years and
enjoy the benefit of getting to the point without
having to waste time with research on other sites.

The personal firewall log submissions are great.
Having this information allows rapid determination of
threats and exploits in the wild. It is a great
service.

Keep up the good work and I hope your site continues
to enjoy technical advances that better the security
posture of all of us.

Happy New Year everyone and thank you for volunteering
your time.

//Seab

---

---
Each and every one of us (being seen as opinion leaders on all things tech) should strive to put that bad/dirty habit of Internet Explorer to rest for once and for all. Leading by example will have a knock on / exponential impact in this case.

Use of IE versus another browser such as Firefox has many similarities to other bad habits such as smoking or excessive drinking:

1>You know there is an alternative ie not smoking / use Firefox - but you just can't help yourself! You have done it for so long and it comes as second nature.

2>Being seen to indulge the habit - ie smoke / use IE in the company of your peers usually results in ridicule (ever fire up IE at a SANS conference when showing off the latest tool in your arsenal? Remember the sniggers!)

3>If you ditch smoking / use of IE you will be fitter and healthier - less time smoking - more exercise and less time patching - more exercise.

4>Ultimately you know ongoing indulgence will result in your downfall - smoking will kill you and a zero day IE exploit is going to wipe out your entire corporate infrastructure with a super worm that chews data, OS and hardware!

So the moral of the story is if you want to be habit free, respected by your peers, healthy and have a long fruitful career - stop using that blo*dy browser!

Now where's my cigarettes!

Peter Mc Laughlin

---

---
To the ISC and SANS, especially the volunteers, a great big THANK YOU for the job you do every day to help keep the world safer and more informed.


To anyone who has found their way to this message, read and heed what these guys say about security. Paranoia is simply a normal level of computer security.



To people who spam, write spyware, phish, and do other things that generally make others' lives miserable? Well, that just shouldn't be printed.



Greg Miller

---

---
Dear Sir/Madam,
Just wanted to say thank you for the excellent work you ladies and gents do at ISC and express my best wishes to you all for 2005 and beyond.

Yours Sincerely

Steven Burn

---

---
I follow your Diary every day, even on a holiday and through the summer.
It's a very "heavy" source of information and helps to understand what
is believable in IT security news, in fact.
All the best and let's be awake!

Regards, and happy holidays,

Juha-Matti Laurio, Finland

---

---
I'd like to offer my thanks to the Handlers as a group for their time
and effort. I'm planning to attend SANS in San Diego this April and
hope to have a chance to meet some of you (and most any other denizens
of the Intrusions list) there.

Ken Connelly

---

---
Dear Sir,

It seems to be that in 2005, Africans and their governments will rise up to the threats that information technology vulnerabilities and crooks pose to their infrastructure.

Privacy will also become a major issue in South and West Africa as bodies such as EPIC and right crusaders get to users to realise that there is a bad side to the internet.

Those are my predictions for 2005.

I wish to thank SANS for contributing in no small measure to promoting information security awareness.

Idara Akpan

---

---
The year 2004 will be remembered for the virus wars and the rise of
phishing. My prediction is for more of the same, only on a larger and more
destructive scale: organized mass exploitation of critical vulnerabilities
for the purposes of illegitimate and criminal activity. To those obnoxious
(I guess that's all) virus writers I say: quit while you have your freedom.
Anyone who launches a file attachment virus to be clicked on by 300,000
users (July Mydoom variant), for "fun" or profit or just to one-up another
virus, deserves serious serious time in adult prison. To those who know the
identity of any virus writer I say: report them and collect the reward. And
by the way, file attachment viruses aren't even "elite" anymore; they don't
show creativity or ingenuity; they are just lame.

Remote exploits will be a growing problem in 2005. Sometimes, the hands of
security professionals are tied when vendors leave critical vulnerabilities
unpatched for more than a month, with zero workarounds (other than ditching
the application; go Firefox)! I mention this because one of my fondest
memories of 2004 came near the end. On Dec. 30, I passed the GCIH practical
and the two exams, thus earning my first (and hopefully not last) GIAC
certification. My practical, "Exploiting the Microsoft Internet Explorer
Malformed Iframe Vulnerability" covers the October vulnerability (CVE
CAN-2004-1050) that raised the ire of the infosec community for all of
November. To understand what the fuss was about, or to read an
attack/defense scenario complete with a buffer overflow diagram,
shell-shoveling shellcode, Netcat, and NTFS alternate data streams, I have
posted my practical at
http://www.as2.info/Alan_Tu_GCIH.doc

Thank you Alex for the inspiration to get certified; thank you Kevin Bong
for the instruction; and last but not least thank you Ed Skoudis for
putting together such high-quality courseware. The books for Track 4 are a
complete treatise on network attacks and incident response, and your
conference presentation of the material is beyond first-rate.

Alan Tu, GCIH 2004

---

---
Hi



The most valuable site in the internet for security professional
RAVI.R

---

---
To ISC:

I started working in the security field in early 2004,
and the Internet Storm Center has always been my reference for
the latest Internet threats. ISC has given me a better idea
of the security field and how to further develop myself.
Really, thanks a lot!!! Keep it up, guys!!

Regards,
Ahman

---

---
Happy 2005 ISC Handlers! Reading the Incident Handlers Diary has become a part of my daily operations and has, on more than one occasion, provided a valuable heads up or insight into anomalous behavior on the network. Thanks for providing such an excellent Diary and for your direct responses throughout the year. Especially thanks to Deb for the help with IRC botnets!

Terence Runge, CISSP
Senior Security Analyst
