Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-04-10 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

The Pitfall Of Two Factor Authentication

Published: 2006-04-10
Last Updated: 2006-04-10 23:48:12 UTC
by Jason Lam (Version: 1)
0 comment(s)
Most banks are moving over to various two factor authentication systems these days. Does two factor authentication actually mitigate the security problems such as phishing that plagued the traditional username and password based authentication? Two factor authentication is stronger than the traditional authentication system but it definitely has its own problem as well. The following article provides some insight into the potential problems of two factor authentication.

http://www.networksec.org/index.php?n=Articles.AuthenticationThePitfallOfTwoFactorAuthentication
Keywords:
0 comment(s)

Spam reporting addresses

Published: 2006-04-12
Last Updated: 2006-04-12 19:08:02 UTC
by William Stearns (Version: 7)
0 comment(s)
        It's been a quiet day, with a few reports of phish and pop-up spam.  It looks like we haven't covered spam reporting in a while.

        Because I work so much with spam already as part of the sa-blacklist and SURBL projects, I take an additional step and report spam to the organizations and agencies that have interest in certain spam categories.  I tend to prefer email accounts to which I can bounce spam emails (make sure you remove the original recipient addresses or they'll get the spam again!) as this is easier to script than trying to send the emails through web forms.

        First, the FTC will take any spam you get; send it to uce_at_ftc.gov .  Also, spamarchive.org is interested in any spam you have, but please send it as an RFC822 attachment (see your email client docmuentation on "How to send as an attachment") to submitautomated_at_spamarchive.org .

        Here are the reporting addresses I use, by category:

- Theft of cable services: ocst_at_ncta.com

- Child pornography: children_at_interpol.int, gmail_at_cybertip.ca .  Other than these, do not redistribute the spams, visit any advertised sites, or keep the emails.  You shouldn't send these to spamarchive.org as these are republished on an ftp server.

- Nigerian/419 scams (http://home.rica.net/alphae/419coal/): 419.fcd_at_usss.treas.gov

- OEM software: netpiracy_at_siia.net, piracy_at_microsoft.com

- Phish scams: reportphishing_at_antiphishing.org, phish_at_ists.dartmouth.edu, spam_at_mailpolice.com, and  phishing-report_at_us-cert.gov.  Also, postmaster_at_corp.mailsecurity.net.au, spoof_at_millersmiles.co.uk, and report_at_reportphish.org are interested, but please send the phish mail as an RFC822 attachment.

- Pills: webcomplaints_at_ora.fda.gov, drugs_at_interpol.int

- Pyramid scams: fraud_at_uspis.gov

- Rolex/replicas: steve.gobin_at_rolex.com, expert_at_lpconline.com

- Stock/pump and dump: enforcement_at_sec.gov

- Tobacco: alctob_at_ttb.treas.gov

- Viruses: newvirus_at_kaspersky.com, vsamples_at_f-secure.com, virus_at_cai.com, virus_at_commandcom.com, virus_at_pandasoftware.com, virus_doctor_at_trendmicro.com, virus_research_at_nai.com

        Some of the above came from Spamlinks Reporting page - many thanks for an excellent resource.  The email addresses I covered above tend to be focused on US agencies; definitely visit spamlinks if you live outside of the US.

        -- Bill Stearns (http://www.stearns.org, wstearns@pobox.com)

Keywords:
0 comment(s)
Diary Archives