Re: U.S. Attorney's office tells employees not to log on to Drudge Report

[Dan Kaminsky <dan () doxpara com>]

Networks are big and diverse, and there's not always a unified "gateway" to
munge all web traffic through.  Obviously it shouldn't be a long term
warning, but a quick "heh everyone, stay off drudge report for a couple of
days" seems reasonable if in fact malware is being seen from whatever ad
network's on Drudge.  If it's some sort of long term ban, yeah that's not
good.

On Fri, May 15, 2009 at 5:38 PM, Larry Seltzer <larry () larryseltzer com>wrote:

> I guess I'm just questioning the merit in picking on one site for this,
> unless we know it's got a particular problem. eWEEK (who I don't write
> for anymore) got hit with this in February. It lasted maybe 8 hours, I
> forget, before we really blocked it. I was the one who tracked down the
> source. I'm pretty sure the ad in that case was a completely phony ad
> (for Lacoste, the clothing company - an ad on eWEEK?), a plant to get
> the malware out. The malware was a PDF that exploited a vulnerability
> that was patched last July.
>
> So should eWEEK be banned? If you're going to ban anything, ban the
> domains of the ad networks.
>
> But what really has me concerned here is that the Justice Department's
> malware management technique is to tell their users not to surf to a
> specific web site. That can't be an effective answer. They can't deal
> with this at the gateway somehow?
>
> Larry Seltzer
> Contributing Editor, PC Magazine
> larry_seltzer () ziffdavis com
> http://blogs.pcmag.com/securitywatch/
>
>
> -----Original Message-----
> From: Dan Kaminsky [mailto:dan () doxpara com]
> Sent: Friday, May 15, 2009 8:10 PM
> To: Larry Seltzer
> Cc: Gregory Hicks; <funsec () linuxbox org>
> Subject: Re: [funsec] U.S. Attorney's office tells employees not to log
> on to Drudge Report
>
> I have no details on this particular hack, but ad networks have been a
> problematic vector for a few years now. In 2007, Dan Boneh's team
> spent $50 to test the potential of a Flash-based networking exploit.
> He got into 100,000 networks.
>
>
>
> On May 15, 2009, at 4:38 PM, "Larry Seltzer" <larry () larryseltzer com>
> wrote:
>
> > Has it? I'd like to learn more but nobody's reporting any details.
> > What
> > was the malware? Is it still on the network? I've seem malware through
> > ad networks lots of times; are there other domains besides Drudge that
> > they're not allowed to view at DOJ?
> >
> > Larry Seltzer
> > Contributing Editor, PC Magazine
> > larry_seltzer () ziffdavis com
> > http://blogs.pcmag.com/securitywatch/
> >
> >
> > -----Original Message-----
> > From: Dan Kaminsky [mailto:dan () doxpara com]
> > Sent: Friday, May 15, 2009 7:35 PM
> > To: Gregory Hicks
> > Cc: funsec () linuxbox org; Larry Seltzer
> > Subject: Re: [funsec] U.S. Attorney's office tells employees not to
> > log
> > on to Drudge Report
> >
> > To be fair, this has been a real problem.
> >
> >
> >
> > On May 15, 2009, at 2:31 PM, Gregory Hicks <ghicks () hicks-net net>
> > wrote:
> >
> > > > Date: Fri, 15 May 2009 16:07:58 -0400
> > > > From: "Larry Seltzer" <larry () larryseltzer com>
> > > > To: <funsec () linuxbox org>
> > > > Subject: [funsec] U.S. Attorney's office tells employees not to log
> > > > on
> > > to Drudge Report
> > > > http://www.politico.com/news/stories/0509/22574.html
> > > >
> > > > "Asked why the conservative-leaning news aggregator and President
> > > > Barack Obama critic was flagged by Internet security officials,
> > > > Tracy
> > > > Schmaler, a Department of Justice
> > > > <http://www.politico.com/news/stories/0509/22508.html>  spokeswoman,
> > > > said it was because "a malicious code was found contained in a Web
> > > > ad
> > > > on Drudge.""
> > > >
> > > > How come only the DOJ knows about this and nobody else?
> > >
> > > Because the DoJ needed some excuse to tell the workerbees...
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Gregory Hicks                           | Principal Systems Engineer
> > >                                       | Direct:   408.569.7928
> > >
> > > People sleep peaceably in their beds at night only because rough men
> > > stand ready to do violence on their behalf -- George Orwell
> > >
> > > The price of freedom is eternal vigilance.  -- Thomas Jefferson
> > >
> > > "The best we can hope for concerning the people at large is that they
> > > be properly armed." --Alexander Hamilton
> > >
> > > _______________________________________________
> > > Fun and Misc security discussion for OT posts.
> > > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > > Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.