| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Jan 2009 18:54:27 -0500 From: sexyazngrl69@....hush.com To: work@...ek.org, full-disclosure@...ts.grok.org.uk, xploitable@...il.com Subject: Re: US-CERT Current Activity - Malicious Code Circulating via Israel/Hamas Conflict Spam Messages -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nice hack babe:)) On Sun, 11 Jan 2009 18:32:09 -0500 n3td3v <xploitable@...il.com> wrote: >Their PGP keys have expired =) > >Sending email to US-CERT > >When sending sensitive information to US-CERT via email, we >encourage >you to encrypt your messages. US-CERT uses multiple public keys >based >upon their purpose. If the purpose of your communication is a >cyber >security incident report, vulnerability report, or any other >technical >question related to cyber security, please use the following key: > >User ID: US-CERT Security Operations Center <soc@...cert.gov> >Key ID: B832BE70 >Key Type: RSA >Expires: 2009-10-01 >Key size: 2048 >Fingerprint: 195E 7A9E CCD9 9504 3CA7 E26E 13D4 4840 B832 BE70 > >Information about other keys can be found on Contacting US-CERT. > >& > >Receiving publications in email from US-CERT > >US-CERT signs the email distribution of all US-CERT publications, >including Cyber Security Alerts, Technical Cyber Security Alerts, >Cyber Security Bulletins and Cyber Security Tips with the >following >key: > >User ID: US-CERT Publications Key <us-cert@...cert.gov> >Key ID: 0x3E1F88AB >Key Type: RSA >Expires: 2009-10-01 >Key Size: 2048 >Fingerprint: E0BF 6D0E 88C1 1FFC F93F 571B 7207 9633 3E1F 88AB > >http://www.us-cert.gov/pgp/email.html > >On Sun, Jan 11, 2009 at 10:29 PM, Chris Wallis <work@...ek.org> >wrote: >> Just got this from US Cert. With what's going on with this list. >I fought >> I might share with you all... >> >> With some of the crap on this list lately I really do hope it is >spambots... >> >> ~Chris Wallis >> >> >> __________ >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> US-CERT Current Activity >> >> Malicious Code Circulating via Israel/Hamas Conflict Spam >Messages >> >> Original release date: January 9, 2009 at 9:25 am Last revised: >January 9, >> 2009 at 9:25 am >> >> >> US-CERT is aware of public reports of malicious code circulating >via spam >> email messages related to the Israel/Hamas conflict in Gaza. >> These messages may contain factual information about the >conflict and >> appear to come from CNN. Additionally, the messages indicate >that >> additional news coverage of the conflict can be viewed by >following a link >> provided in the email body. If users click on this link, they >are >> redirected to a bogus CNN website that appears to contain a >video. >> Users who attempt to view this video will be prompted to update >to a new >> version of Adobe Flash Player in order to view the video. This >update is >> not a legitimate Adobe Flash Player update; it is malicious >code. If users >> download this executable file, malicious code may be installed >on their >> systems. >> >> US-CERT encourages users and administrators to take the >following >> preventative measures to help mitigate the security risks: >> * Install antivirus software, and keep the virus signatures up >to >> date. >> * Do not follow unsolicited links and do not open unsolicited >email >> messages. >> * Use caution when visiting untrusted websites. >> * Use caution when downloading and installing applications. >> * Obtain software applications and updates directly from the >> vendor's website. >> * Refer to the Recognizing and Avoiding Email Scams (pdf) >document >> for more information on avoiding email scams. >> * Refer to the Avoiding Social Engineering and Phishing Attacks >> document for more information on social engineering attacks. >> >> Relevant Url(s): >> <http://www.us-cert.gov/cas/tips/ST04-014.html> >> >> <http://www.us-cert.gov/reading_room/emailscams_0905.pdf> >> >> ==== >> This entry is available at >> http://www.us- >cert.gov/current/index.html#malware_circulating_via_email_messages >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.5 (GNU/Linux) >> >> iQEVAwUBSWdhW3IHljM+H4irAQJcFAgAjGyje+ahBx/YguARXCI1CAYY/5zWoL1s >> Zg5n1Ly+cB3kte8ZgVUoOb2CrHor8HxMhu3kVkD0T4yFpK1UOi9W4ERbe2ntVKGh >> 2nISPXPWOmn9glexc9EnvBBmEUEEv3Uu8m6M5uykUisJMcfje5LVt1I9BtgESqmu >> x9cTWACgciA+wgDHnaspKjxUOFaAy2c4SFBt+S/5FtzU4t43f6CThD4V4b3MO06y >> 2m46lkWe4fJdQBd7tboj0CK+vX7IKtplPzL7VG+L36idn0ZBFwNMAJTiuHSjdEA1 >> fvLBMjMm4bBblUet4Mf4oKatkElqLXCZDMdaWJ1JPuCc6Lc5ChEMGQ== >> =PU6L >> -----END PGP SIGNATURE----- >> >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQMCAAYFAklqhrMACgkQynWwk3/AtyOmJgQAjZsbVABLYAgiJ6E3KbL8egRC16LZ LYWMz+Qq488tDFyuFqx42aKKX9Kq+Bq6OmiDpiEPfh/Kbv94Sz7NNhJitOUj59qmaW8l +Q7MZH3n8HLwWHuSNNg49Z+dbsa6bCoXg1UAFHsfzBgoxhpw409y3UOi8tiBZKGZh077 i7zstEQ= =41Lu -----END PGP SIGNATURE----- -- Not having a degree dragging you down?? Click here for free information. http://tagline.hushmail.com/fc/PnY6qxtpfWTkztv1CWWRfdCq2BwJiLB6qjjQgOYVTvAspZfGKCGXe/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists