funsec mailing list archives
Re: U.S. Attorney's office tells employees not to log on to Drudge Report
From: Dan Kaminsky <dan () doxpara com>
Date: Fri, 15 May 2009 17:53:01 -0700
Networks are big and diverse, and there's not always a unified "gateway" to munge all web traffic through. Obviously it shouldn't be a long term warning, but a quick "heh everyone, stay off drudge report for a couple of days" seems reasonable if in fact malware is being seen from whatever ad network's on Drudge. If it's some sort of long term ban, yeah that's not good.

On Fri, May 15, 2009 at 5:38 PM, Larry Seltzer <larry () larryseltzer com> wrote:
I guess I'm just questioning the merit in picking on one site for this, unless we know it's got a particular problem. eWEEK (who I don't write for anymore) got hit with this in February. It lasted maybe 8 hours, I forget, before we really blocked it. I was the one who tracked down the source. I'm pretty sure the ad in that case was a completely phony ad (for Lacoste, the clothing company - an ad on eWEEK?), a plant to get the malware out. The malware was a PDF that exploited a vulnerability that was patched last July.

So should eWEEK be banned? If you're going to ban anything, ban the domains of the ad networks.

But what really has me concerned here is that the Justice Department's malware management technique is to tell their users not to surf to a specific web site. That can't be an effective answer. They can't deal with this at the gateway somehow?

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com
http://blogs.pcmag.com/securitywatch/

-----Original Message-----
From: Dan Kaminsky [mailto:dan () doxpara com]
Sent: Friday, May 15, 2009 8:10 PM
To: Larry Seltzer
Cc: Gregory Hicks; <funsec () linuxbox org>
Subject: Re: [funsec] U.S. Attorney's office tells employees not to log on to Drudge Report

I have no details on this particular hack, but ad networks have been a problematic vector for a few years now. In 2007, Dan Boneh's team spent $50 to test the potential of a Flash-based networking exploit. He got into 100,000 networks.

On May 15, 2009, at 4:38 PM, "Larry Seltzer" <larry () larryseltzer com> wrote:

Has it? I'd like to learn more but nobody's reporting any details. What was the malware? Is it still on the network? I've seen malware through ad networks lots of times; are there other domains besides Drudge that they're not allowed to view at DOJ?

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com
http://blogs.pcmag.com/securitywatch/

-----Original Message-----
From: Dan Kaminsky [mailto:dan () doxpara com]
Sent: Friday, May 15, 2009 7:35 PM
To: Gregory Hicks
Cc: funsec () linuxbox org; Larry Seltzer
Subject: Re: [funsec] U.S. Attorney's office tells employees not to log on to Drudge Report

To be fair, this has been a real problem.

On May 15, 2009, at 2:31 PM, Gregory Hicks <ghicks () hicks-net net> wrote:

Date: Fri, 15 May 2009 16:07:58 -0400
From: "Larry Seltzer" <larry () larryseltzer com>
To: <funsec () linuxbox org>
Subject: [funsec] U.S. Attorney's office tells employees not to log onto Drudge Report

http://www.politico.com/news/stories/0509/22574.html

"Asked why the conservative-leaning news aggregator and President Barack Obama critic was flagged by Internet security officials, Tracy Schmaler, a Department of Justice <http://www.politico.com/news/stories/0509/22508.html> spokeswoman, said it was because "a malicious code was found contained in a Web ad on Drudge.""

How come only the DOJ knows about this and nobody else?

Because the DoJ needed some excuse to tell the workerbees...

---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer | Direct: 408.569.7928

People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf -- George Orwell

The price of freedom is eternal vigilance. -- Thomas Jefferson

"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.