Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Symantec AV linked to Verisign certificate problem, DUGallery, False Weather Alerts, more phishing

Verisign Certificate Expiration linked to Symantec AV issue

Today, a Verisign root certificate included with Internet Explorer expired. As a result, Verisign's certificate revocation list server was not able to handle all the requests from clients attempting to contact it as a result of the expiration.

Verisign, apparently to lower the load on its server, now resolves this server to non-routable 10/8 IP addresses 50% of the time.

Some applications, most notably Norton Antivirus, use this server to verify certificates. In the case of Norton Antivirus, it is used to verify its signature file.

As 50% of the time, users will not be able to contact Verisigns certificate revocation list, Norton Antivirus will stall.

Workarounds:

Verisign set the TTL of its DNS records rather short. So if you try after one minute again, you will likely get a valid IP address. If this is not an option, edit your hosts file and insert one of these IPs for 'crl.verisign.net':
198.49.161.200, 198.49.161.205, 198.49.161.206, 64.94.110.11.

However, this is not recommended as a long term solution, as these IPs may
change at any time.
http://slashdot.org/article.pl?sid=04/01/08/1849245&mode=thread&tid=126&tid=128&tid=172&tid=95

http://www.verisign.com/support/vendors/exp-gsid-ssl.html?sl=070807


Web Defacements

At least one web-defacement crew appears to use Google to find sites with
vulnerable versions of 'DUGallery' installed. Recently, a number of issues
regarding this product where posted to Bugtraq. As of this writing, no
updates are available.

http://seclists.org/lists/bugtraq/2003/Dec/0246.html

False Weather Alerts

A user reported that the "Weatherbug" application he is using is displaying
false weather alerts. We have not identified the source of the false alerts. According to the report we received, corrections followed shortly after the false warnings had been received.

Phishing sites of the day

We did receive reports about spam advertising a fake Citibank site.

-----------

Johannes Ullrich, SANS Institute, jullrich_AT_sans.orgI will be teaching next: Intrusion Detection In-Depth - SANS Doha March 2022

 Johannes

4347 Posts
ISC Handler
Jan 8th 2004
Thread locked Subscribe Jan 8th 2004
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!