Threat Level: green Handler on Duty: Tom Webb

SANS ISC InfoSec Handlers Diary Blog



I'm fine, thanks!

Published: 2010-09-18
Last Updated: 2010-09-21 22:43:34 UTC
by Rick Wanner (Version: 1)
21 comment(s)

I woke up this morning to my Spam box full of email from a variety of people, to a variety of my email boxes, greeting me and checking into my well-being. One example of this is:

From: Luella Winkler <sacrilegioush@real-time-vision.com>
Date: Sat, Sep 18, 2010 at 1:03 PM
Subject: hello
To: XXXXXX@XXXXXXX.ca


how are you?

 

To Luella and the other 54 email addresses that checked up on me...I would just like to thank all of you for caring so much and reassure you that I am quite well.

Seriously though, there is no solicitation, no attempt at phishing, and no embedded crap, just warm regards.  Is this a dry run for something big to come?

 

UPDATE 2010-09-21:  Today the same IP addresses are delivering emails with subjects such as "Deposit", "demands for payment", "schedule of bridging loan payments", and "June Voice".  They each have a .html attachment and lots of bad English.  I haven't had time to look into the attachment, but if any of you has, safely of course, I would love to hear what you found.

-- Rick Wanner - rwanner at isc dot sans dot org - http://rwanner.blogspot.com/

Keywords: Spam

Microsoft Security Advisory for ASP.NET

Published: 2010-09-18
Last Updated: 2010-09-18 23:52:41 UTC
by Rick Wanner (Version: 2)
1 comment(s)

Microsoft has released a security advisory for ASP.NET (CVE-2010-3332).  It looks like there are no known attacks for this vulnerability at this time, and no update has been released. 

To quote the release...

"Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time."

More details are available at Scott Guthrie's Blog. As reader Jacob pointed out, Scott also details a configuration change that can be used as a workaround until the update is released.

-- Rick Wanner - rwanner at isc dot sans dot org - http://rwanner.blogspot.com/
