Educause Security Discussion mailing list archives
Re: Microsoft the source of all evil?? Simple question
From: Nick Pistentis <nick () NICKPISTENTIS NET>
Date: Wed, 13 Feb 2008 12:21:23 -0500
I saw the same thing last week when I did a Google search for "Windows XP Service Pack 3." Alarmingly, it was the first hit - above MS's legitimate TechNet page on the subject.

Luckily I noted the URL before clicking - one of our forensics guys said that the executable posted there is roughly 300k larger than the genuine file posted on the MS download page, and he echoed Jim's observation that the page is visually near-identical.

-Nick

____________________________
Nick Pistentis
Manager, ISS Student Technology Services
George Washington University
202.994.6202
nlp () gwu edu
http://iss.gwu.edu/sts

James Moore wrote:
I went looking for more documentation on PowerShell on Google. The string that I used was “guide powershell”. It came back with:

Download details: Windows PowerShell 1.0 Documentation Pack
<http://thesource.ofallevil.com/downloads/details.aspx?FamilyId=B4720B00-9A66-430F-BD56-EC48BFCA154F&displaylang=en>
<http://www.siteadvisor.com/sites/ofallevil.com?ref=safesearch&client_ver=FF_26.5_6256&locale=en-US&premium=false&aff_id=0>
Documentation of Windows PowerShell 1.0, which includes the Windows PowerShell Getting Started Guide, the Windows PowerShell Primer, the Windows PowerShell ...
thesource.ofallevil.com/.../details.aspx?FamilyId=B4720B00-9A66-430F-BD56-EC48BFCA154F&displaylang=en - 31k -

Note the URL.

Not having had my 2nd cup of coffee, and also trusting McAfee’s SiteAdvisor™, I clicked on it. The result looks surprisingly like a Microsoft site. The URL doesn’t.

Anyone know more about “ofallevil.com”? Whois shows it in Bellevue, WA, but it is privacy protected.

http://thesource.ofallevil.com/en/us/default.aspx looks very Microsoft.

http://www.ofallevil.com/ returns a blank page.

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4208 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio

Confidentiality Notice: Do the right thing. If this has the words "Confidential" or "Private" in the subject line, or similar language in the email body, or as a label on any attachment, then think. Do you know me? Did you expect to receive this? Do you recognize and work with the other addressees? If not, then you probably received this in error. Please, be respectful and courteous, and delete it immediately. Please, don't forward it to anyone. Now, wasn't that simple.

Just, if you had made an error in a sensitive email, and I received it, what would you want me to do with it?

Current thread:
- Microsoft the source of all evil?? Simple question James Moore (Feb 13)
- <Possible follow-ups>
- Re: Microsoft the source of all evil?? Simple question Nick Pistentis (Feb 13)
- Re: Microsoft the source of all evil?? Simple question John Kim (Feb 13)
- Re: Microsoft the source of all evil?? Simple question Glenn Forbes Fleming Larratt (Feb 13)
- Re: Microsoft the source of all evil?? Simple question Kevin Halgren (Feb 13)
- Re: Microsoft the source of all evil?? Simple question Gary Flynn (Feb 13)
- Re: Microsoft the source of all evil?? Simple question Morrow Long (Feb 13)