Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-04-05 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Verisign Site Seal Update

Published: 2006-04-05
Last Updated: 2006-04-05 20:21:48 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Tim Callan (Verisign) sent us this note:
"VeriSign reports that many public-facing Web sites continue to implement an older and less secure version of VeriSign's popular security mark. Because the old VeriSign site seals were created and distributed prior to the rise of phishing, they did not contain the full set of anti-spoofing measures available in the newest version of the VeriSign Secured Seal. For the protection of online consumers, VeriSign is in the process of phasing out its old-architecture seals and moving forward with support only for the newest version of the VeriSign Secured Seal. Old-version seals are in a round, "gold or silver medallion" shape and call their verification page from https://digitalid.verisign.com. Latest-version seals contain the black VeriSign check mark in a red circle and the words VeriSign Secured and call their verification page from https://seal.verisign.com. All Web sites employing one or more VeriSign SSL Certificates in their validity period are entitled to display the VeriSign Secured Seal to improve site visitor confidence and increase visitor propensity to complete transactions. These customers can download the latest version of the VeriSign Secured Seal free of charge at  www.verisign.com/seal."
Keywords:
0 comment(s)

Coolwebsearch / Trafficadvance got a new home...

Published: 2006-04-05
Last Updated: 2006-04-05 20:09:42 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)
Looks like our long-time "friends" from the Coolwebsearch/Trafficadvance malware department have moved shop to a new hoster. If you've followed our earlier suggestions and zapped their old netblock (81.9.5.x), well, then you might want to consider banning their new sites as well. They all seem reside under  85.249.23.x now, again in St.Petersburg, Russia. If you prefer to block their domains, here's a list. All of the indicated domain names end in .biz.

traffsale1 traffweb toolbarweb toolbarsale iframecash traffcool toolbarcool traffbucks toolbarbucks traffdollars toolbardollars traffbest toolbarbest traffnew toolbarnew traffmoney toolbarmoney vip01

Be advised that unwary surfing to these sites might make your DVD drive spit out peperoni slices, cause your monitor to start flickering, and definitely will result in other side effects detrimental to the integrity of your beloved computing device. You have been warned.

Keywords:
0 comment(s)

Couple ISC Site Updates

Published: 2006-04-05
Last Updated: 2006-04-05 18:37:34 UTC
by Johannes Ullrich (Version: 3)
0 comment(s)
We made a couple of changes to the site recently:
  • The RSS feed is now available in two versions. One with headlines only (as before) and a second version with full content.
  • In addition, we now offer a "Security News Feed" which aggregates feeds from various security related sites.
  • removed a ton of little html issues that should bring the site closer to HTML 4.01 strict compliance. Not 100% there yet, but close.
In other news: We rebooted one server this morning and as a result, a ton of old queued up messages got released. You may see some old update notifications in your inbox.

You can always subscribe to our "new diary notification" service to have a brief link sent to your pager/phone if there is a diary or infocon update.

And I almost forgot: We may have some infocon test runs in the future to check that all of the mechanics of it is working well. There will be plenty of warning (> 1 week) with an exact date.


Links:
News Feeds
New Diary Notification E-Mails.


Keywords:
0 comment(s)

Fondly reminiscing the past

Published: 2006-04-05
Last Updated: 2006-04-05 16:33:08 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)
Subscribers of the ISC alert service were today presented with a handful of old messages from back in January. While it is always nice to read about problems long past and resolved, we'll try to convince our server not to ruminate stale news all too frequently, and apologize for the inconvenience caused.
Keywords:
0 comment(s)

Grampa's backup

Published: 2006-04-05
Last Updated: 2006-04-05 12:42:02 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)
Being an IT Professional, I'm sure you frequently get to "help out" your less IT-literate relatives and neighbours with their computer problems, real and imaginary.  Recently, I had the opportunity to fix a problem of the "real" kind - a very dead hard drive that wasn't even willing to spin anymore. Good thing is, only months earlier I had converted that same PC to backing up to an external USB drive - and since everything was so easy and quick now, Grampa had been doing his backups just as religiously as taking his fiber supplement at breakfast.

Bottom line: External USB drives make a pretty neat and cost effective backup media for home users. Combined with a customized "single click" scripted backup icon on the desktop, and the instruction to always turn the USB thingy off again after backing up (so that the worm/virus doesn't get the backup as well), Grampa should be reasonably safe. Checking back, I found that he had made two backups to the CD writer in one year, and - surprisingly - weekly backups to the USB drive.
Keywords:
0 comment(s)
Diary Archives