Interesting reading. One thought that came to me that wasn't addressed. I wonder if the authorities notified the owners at the universities of the compromised command and control servers? Being in IT at a community college, I'd sure like to be notified if someone found one of our systems being used in this manner.

From: [email protected] [mailto:[email protected]]
Sent: Thursday, January 31, 2013 2:30 PM
To: NT System Admin Issues
Subject: Re: Shocking? Somehow, not...

On the security front, I read this today
http://mobile.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.xml
and was interested to see the "network devices" that compromised the Chamber of Commerce (somewhere in the middle of the article). The things you need to secure are now myriad!

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

________________________________
From: "Andrew S. Baker" <[email protected]>
Date: Thu, 31 Jan 2013 14:23:27 -0500
To: NT System Admin Issues <[email protected]>
ReplyTo: "NT System Admin Issues" <[email protected]>
Subject: Re: Shocking? Somehow, not...

I love it when security tools wage battle against one another.... :)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Wed, Jan 30, 2013 at 10:28 AM, Ziots, Edward <[email protected]> wrote:

Just tried to run it on my systems and sure enough since I have totally disabled java it barfs. That and Zero Vulnerability Exploitshield catches its .dll being invoked into java as an exploit and stops it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.

From: David Lum [mailto:[email protected]]
Sent: Wednesday, January 30, 2013 9:27 AM
To: NT System Admin Issues
Subject: RE: Shocking? Somehow, not...

Rapid7 has a tool to scan for this vulnerability, it does require Java(!) and registration, but is otherwise free.

From: Patrick Salmon [mailto:[email protected]]
Sent: Tuesday, January 29, 2013 1:01 PM
To: NT System Admin Issues
Subject: Re: Shocking? Somehow, not...

Not surprisingly, you're going to see a lot of alerts coming out on this subject. Here's the Cisco one:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
which you can expect to be updated as more is learned about which products are affected.

On Tue, Jan 29, 2013 at 9:44 AM, David Lum <[email protected]> wrote:

http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
