Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

Cyber Security Awareness Month: What's your favorite/most scary false positive

Published: 2014-09-22
Last Updated: 2014-09-22 01:19:52 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

As in prior years, we would like to use a theme for our October diaries, in order to participate in Cyber Security Awareness Month. This month, we are looking for "False Positives". One issue we are running into a lot is users who are new to security and start looking at logs, only to be confronted with unparsable, "scary" messages. But even as an experienced security practitioners, you can run into a an indicator that may initially get you to believe that your system is compromised only to learn later that there was nothing to worry about. 

To help us out, please send us your favorite scary, but in the end bening, lot message or other error/system message. Please include a few details stating why you initially thought that there was a problem and how you came to believe that the message was nothing to worry about. We hope to cover about 1 message for each work day (5 / week). Please include how you would like to be identified (usually we use submitters first name)

 

 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: CSAM 2014
0 comment(s)
ISC StormCast for Monday, September 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=4157

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Strange ICMP traffic seen in destination
published 1 day ago by Manuel Humberto Santander Pelaacuteez (1 comment)

PHP Fixes Several Bugs in Version 5.4 and 5.5
published 2 days ago by Guy (0 comments)

Web Scan looking for /info/whitelist.pac
published 3 days ago by Guy (3 comments)

Apple Phishing emails
published 3 days ago by Mark (0 comments)

Your online background check is now public!
published 4 days ago by Daniel (7 comments)

FreeBSD Denial of Service advisory (CVE-2004-0230)
published 5 days ago by Mark (1 comment)

https://yourfakebank.support -- TLD confusion starts!
published 5 days ago by Daniel (6 comments)

Google DNS Server IP Address Spoofed for SNMP reflective Attacks
published 6 days ago by Dr. J. (14 comments)

Even Bad Malware Works
published 6 days ago by Dr. J. (3 comments)

View All Diaries →

Latest Discussions

XSS vulnerability in opencms v9.0.1 workplace
created 2 days ago by Murali (0 replies)

RSS feeds broken in Sage
created 2 weeks ago by Madmanguruman (0 replies)

Brown Breach.. . UPS
created 3 weeks ago by ICI2Eye (0 replies)

So, how dead is antivirus exactly?
created 1 month ago by Safensoft (3 replies)

recommender system for network intrusion detection
created 1 month ago by BiSarfraz (2 replies)

View All Forums →

Latest News

View All News →