Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2013-04-16



Java 7 Update 21 is available - Watch for Behaviour Changes!

Published: 2013-04-16
Last Updated: 2013-04-16 20:56:08 UTC
by Rob VandenBrink (Version: 1)
8 comment(s)

Several of our readers have written in to let us know about the latest Java Update. 

So why isn't this a normal one-liner with a pointer off to the readme? Because Oracle has significantly changed how Java runs with this version. Java now requires code signing, and will pop up brightly coloured dialogue boxes if your code is not signed. The dialogs now alert on unsigned code and on signed-but-expired and self-signed certificates.

We'll even need to click "OK" when we try to download and execute signed and trusted Java.

This is a really positive move on their part - with as many problems as Java has, it'll be nice to stop blaming the developers of the language entirely for malicious code - Java doesn't give you malware, running malware gives you malware. 

(not that Java is perfect, mind you)

 

The graphics you can expect to see once you update are:

[Images of the four dialogs: Valid Certificate, Self-Signed Certificate, Expired Certificate, Unsigned Application]

Full details on the new run policy can be found here ==> https://www.java.com/en/download/help/appsecuritydialogs.xml

And more information can be found here ==> http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html
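
An added example, not from the original diary or from Oracle: a small Java 7 program for auditing in-house JARs before the update is rolled out, sorting each one into the four states the dialogs distinguish. It assumes "self-signed" means the signer certificate's subject equals its issuer and checks expiry against the current time; it does not build a chain to a trusted root or honour signature timestamps, so it approximates the plugin's decision. The class name JarSigningAudit is hypothetical.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example: JarSigningAudit is a hypothetical name, not an Oracle tool.
public class JarSigningAudit {
    // Returns UNSIGNED, EXPIRED, SELF_SIGNED or SIGNED for one JAR file.
    static String classify(String path) throws Exception {
        String worst = "SIGNED";
        boolean sawEntry = false;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(path, true)) {   // true = verify signatures
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signers are only populated once the entry has been read to the
                // end; an entry that fails verification throws SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { }
                }
                sawEntry = true;
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) return "UNSIGNED";  // one unsigned entry is enough
                for (CodeSigner s : signers) {
                    X509Certificate c = (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    try {
                        c.checkValidity();               // expired or not yet valid right now
                    } catch (CertificateExpiredException | CertificateNotYetValidException ex) {
                        worst = "EXPIRED";
                    }
                    if (worst.equals("SIGNED")
                            && c.getSubjectX500Principal().equals(c.getIssuerX500Principal()))
                        worst = "SELF_SIGNED";
                }
            }
        }
        return sawEntry ? worst : "UNSIGNED";            // a JAR with no payload entries has nothing signed
    }

    public static void main(String[] args) throws Exception {
        for (String path : args) System.out.println(classify(path) + "  " + path);
    }
}
```

Run it with the JAR paths as arguments; anything not reported as SIGNED is a candidate for re-signing before users meet the new prompts.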

 

===============
Rob VandenBrink
Metafore

Keywords: Java 7u21

Fake Boston Marathon Scams Update

Published: 2013-04-16
Last Updated: 2013-04-16 16:41:37 UTC
by John Bambenek (Version: 1)
3 comment(s)

Yesterday, TheDomains reported there were 125 potentially fake domains registered just hours after the attack in Boston. By my current count, I see 234. Some of these are just parked domains, some are squatters who are keeping the domains from bad people. A couple are soliciting donations (one is soliciting bitcoins, oddly enough). So far, there have been no reports of any spam related to this but there have been a few fake Twitter accounts which are fairly quickly getting squashed. Oh, and one lawsuit-lawyer related site in connection to the event but that's a different kind of scum than we typically deal with here. But so far, most of the domains are parked (typically at GoDaddy, but don't read that as a swipe at them) or they don't resolve anywhere.

In short, I would have thought this would have picked up quicker than it had.

That said, it did give me the impetus to finish scripting a few things to basically monitor these domains automagically to start looking for indicators and to see when (or if) they ever come out of "parked" status.

As usual, the standard advice applies in events like these. If you want to donate (or have friends/family/colleagues who do), work through well-known and established charities to do so.

Feel free to send any suspicious sites/spam/Twitter accounts/etc. to us so we can keep doing analysis.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting
