lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <3.0.5.32.20020903102525.04031220@pop.fuse.net>
From: david.kennedy at acm.org (David Kennedy CISSP)
Subject: [Fwd: Legal Notification]

-----BEGIN PGP SIGNED MESSAGE-----

At 08:10 AM 9/3/02 -0400, Dave Aitel wrote:
>*** PGP Signature Status: good
>*** Signer: Dave Aitel (Immunity, Inc) <dave@...unitysec.com>
>(Invalid) *** Signed: 9/3/02 8:10:49 AM
>*** Verified: 9/3/02 10:07:49 AM
>*** BEGIN PGP VERIFIED MESSAGE ***
>
>
>I figured I'd forward this on to the list as a warning.
>-dave

It's not true.  It's part of a larger effort by one person to bring
discredit upon (ISC)^2 (note the accepted form of abbreviation). 
(ISC)^2 is aware of the general effort and is taking action they deem
appropriate.  They have established an e-mail address to accept
reports of suspicious e-mail and posted a web page on the issue to
the web site with a link on the http://www.isc2.org homepage.  See:
https://www.isc2.org/cgi-bin/content.cgi?page=173
 (note https; where you can also check the certificate w/your
browser)

There are several variants of this message, including two that
alledge the (ISC)^2 mail and DB servers were successfully hacked. 
Not true.

The attack has attempted to use several IT and IT-security related
mailing lists.

>
>Return-Path: <info@...2.org>
>Delivered-To: immunitysec-com-dave@...unitysec.com
>Received: (qmail 37832 invoked from network); 3 Sep 2002 11:21:32
>-0000 Received: from unknown (HELO isc2.org) (204.87.205.244) by
                ^^^^^^^                  ^^^^^^^^^^^^^^
Here is the first clue.  Each one of these I've seen so far, comes
from a host on one or more of the anti-spam RBL's.  This IP is
presently on proxies.relays.monkeys.com.  The IP block is registered
in Latin America, not from (ISC)^2's block nor (ISC)^2's MX.  So far
the attacker has not demonstrated the skill to completely spoof the
mail header, not to say he won't at some time in the future.


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
Comment: hacker=cybercriminal--the definition changed; get over it

iQCVAwUBPXTFlfGfiIQsciJtAQHqXAP/fUhLhcfGzxcSP6fq2CfBgk2BLRiRozhe
FhEr4WSL5Cz91Jo79cSuHvArGGCei4VduzI6pMmUp/oxEG2h2e1DhVG6CCHdYVRE
T9bDJXKBNCGwX4Oq4VYXw+vLcD7uWZwtCGW8cskw6EU+i4N0TO4bJYuRtXuV4KEB
H+iA72nutQc=
=gTSa
-----END PGP SIGNATURE-----

-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ