CINXE.COM

<!doctype html><html lang="en"><head><title>Internet Storm Center Diary 2010-02-03 - SANS Internet Storm Center</title> <meta charset="utf-8"> <meta name="viewport" content="" /> <meta property="og:site_name" content="SANS Internet Storm Center" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://isc.sans.edu/diary/0" /> <meta property="og:title" content="Internet Storm Center Diary 2010-02-03 - SANS Internet Storm Center" /> <meta property="og:image" content="https://isc.sans.edu/images/logos/isc/large.png" /> <meta property="twitter:site" content="@sans_isc" /> <meta property="twitter:creator" content="@sans_isc" /> <meta property="twitter:card" content="summary_large_image" /> <meta property="twitter:image" content="https://isc.sans.edu/images/logos/isc/large.png" > <meta property="twitter:image:alt" content="SANS Internet Storm Center" /> <meta property="twitter:title" content="Internet Storm Center Diary 2010-02-03 - SANS Internet Storm Center" /> <meta name="description" content="Internet Storm Center Diary 2010-02-03, Author&colon; Rob VandenBrink"> <meta property="og:description" content="Internet Storm Center Diary 2010-02-03, Author: Rob VandenBrink"> <meta name="AUTHOR" content="SANS Internet Storm Center"/> <meta name="KEYWORDS" content="isc, sans, internet, security, threat, worm, virus, phishing, hacking, vulnerability, podcast"/> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/iscfavicon.ico" /> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="canonical" href="https://isc.sans.edu/diary/0" /> <link type="text/css" rel="stylesheet" href="/css/screen.css" /> <link type="text/css" rel="stylesheet" href="/css/msft.css" /> <link type="text/css" rel="stylesheet" href="/css/fontawesome.css" />  <link type="text/css" rel="stylesheet" href="/css/v3.css" /> <link rel="stylesheet" type="text/css" href="/css/bootstrap-modal/bootstrap-modal.min.css"/> <script type="text/javascript" src="/js/jquery-3.7.0.min.js"></script> <script language="javascript" type="text/javascript" src="https://isc.sans.edu/js/count.js"></script> <script src="/js/bootstrap-modal/bootstrap.min.js"></script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Organization", "name": "SANS Internet Storm Center", "url": "https://isc.sans.edu/", "logo": "https://isc.sans.edu/images/logos/isc/large.png", "email": "handlers@isc.sans.edu", "address": { "streetAddress": "8120 Woodmont Avenue, Suite 310", "addressLocality": "Bethesda", "addressRegion": "Maryland", "addressCountry": "USA", "postalCode": "20814" }, "sameAs": [ "https://twitter.com/sans_isc" ] } </script> <link href="/css/codesnippet/lib/highlight/styles/default.css" rel="stylesheet"> <link rel="stylesheet" type="text/css" href="/css/teachingschedule.css" /> <script src="/css/codesnippet/lib/highlight/highlight.pack.js"></script> <script src="/js/commentmanagement.js"></script>  </head> <body class="isc"> <div id="container" class="isc-container"> <header id="isc-header"> <div class="eupopup eupopup-top"></div> <h1> <a href="/"> <svg width="80" height="70" viewBox="0 45 125 125" fill="none" xmlns="http://www.w3.org/2000/svg" baseProfile="tiny" overflow="visible"> <path fill="#7A1502" d="M81.5 105.6h1.4v16.1h-1.4zm-8.2-15.2h31.8v1H73.3z"/><path fill="#FFF" d="M0 0h125v125H0z"/><path fill="#7A1502" d="M18.9 78.6h12.8v1.3H26v14.8h-1.5V79.9h-5.6z"/><path fill="none" d="M32.4 83.9c-2.3 0-3.6 2-3.8 4.2h7.5c-.1-2.2-1.4-4.2-3.7-4.2zm43.3 0c-2.7 0-4.1 2.5-4.1 5s1.4 5 4.1 5 4.1-2.5 4.1-5-1.3-5-4.1-5z"/><path fill="#7A1502" d="M32.4 82.7c-3.7 0-5.3 3.1-5.3 6.2 0 3.3 1.6 6.2 5.3 6.2 2.9 0 4.5-1.5 5.1-4.2H36c-.5 1.8-1.6 3-3.7 3-2.7 0-3.8-2.5-3.8-4.6h9c.1-3.3-1.4-6.6-5.1-6.6zm-3.9 5.4c.2-2.1 1.5-4.2 3.8-4.2s3.6 2 3.7 4.2h-7.5zm15.4-4.2c1.9 0 2.9 1.1 3.3 2.8h1.4c-.3-2.7-2.2-4-4.7-4-3.6 0-5.5 2.8-5.5 6.2 0 3.3 1.9 6.2 5.5 6.2 2.6 0 4.4-1.7 4.8-4.5h-1.4c-.2 1.9-1.6 3.3-3.4 3.3-2.7 0-4.1-2.5-4.1-5s1.3-5 4.1-5zm5.4-5.3v16.1h1.4v-6.8c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-6.5h-1.5zM60 83.1v11.6h1.4v-6.8c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-2H60zm15.7-.4c-3.6 0-5.5 2.8-5.5 6.2 0 3.3 1.9 6.2 5.5 6.2s5.5-2.8 5.5-6.2c0-3.3-1.9-6.2-5.5-6.2zm0 11.2c-2.7 0-4.1-2.5-4.1-5s1.4-5 4.1-5 4.1 2.5 4.1 5-1.3 5-4.1 5zM82 78.6h1.4v16.1H82z"/><path fill="none" d="M101.1 83.9c-2.7 0-3.8 2.4-3.8 4.8 0 2.3 1.2 4.6 3.8 4.6 2.5 0 3.7-2.3 3.7-4.6.1-2.2-1-4.8-3.7-4.8zm-7.3 5c0-2.5-1.4-5-4.1-5-2.7 0-4.1 2.5-4.1 5s1.4 5 4.1 5c2.8 0 4.1-2.5 4.1-5z"/><path fill="#7A1502" d="M95.2 88.9c0-3.3-1.9-6.2-5.5-6.2s-5.5 2.8-5.5 6.2c0 3.3 1.9 6.2 5.5 6.2s5.5-2.9 5.5-6.2zm-9.6 0c0-2.5 1.4-5 4.1-5 2.7 0 4.1 2.5 4.1 5s-1.4 5-4.1 5c-2.7 0-4.1-2.5-4.1-5zm15.5 9.3c-1.6 0-3.1-.6-3.4-2.3h-1.4c.2 2.5 2.5 3.5 4.8 3.5 3.8 0 5.1-2.1 5.2-5.6V83.1h-1.4v2c-.6-1.3-2-2.3-3.7-2.3-3.4 0-5.3 2.7-5.3 5.9 0 3.3 1.5 6 5.3 6 1.7 0 3-1 3.7-2.4v1.6c0 2.7-1.2 4.3-3.8 4.3zm0-4.8c-2.6 0-3.8-2.3-3.8-4.6 0-2.4 1.1-4.8 3.8-4.8 2.7 0 3.7 2.5 3.7 4.8.1 2.3-1.2 4.6-3.7 4.6zm11-.4-3.8-9.9h-1.5l4.6 11.6-.5 1.3c-.5 1.1-.8 1.8-2 1.8-.3 0-.6 0-1-.1v1.2c.2.1.5.1 1.1.1 1.8 0 2.3-.6 3.1-2.5l5.1-13.4h-1.4l-3.7 9.9zm-80.6 3.8H33v16.1h-1.5zm3.3 4.4v11.6h1.4V106c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-2h-1.5zM49.7 112c-1.9 0-3.3-1-3.4-2.9h-1.4c.2 2.8 2.1 4.1 4.8 4.1 2.2 0 4.7-1 4.7-3.5 0-2-1.7-3-3.3-3.2l-1.9-.4c-1-.2-2.4-.7-2.4-2 0-1.5 1.5-2 2.8-2 1.6 0 3 .8 3 2.5H54c-.1-2.5-1.9-3.7-4.3-3.7-2.1 0-4.4.9-4.4 3.3 0 2 1.4 2.6 3.2 3.1l1.8.4c1.3.3 2.5.8 2.5 2.1.1 1.6-1.7 2.2-3.1 2.2zm7.6-14.2h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.2-.6-1.2-1.5v-7.8h2.4v-1.2h-2.4v-3.7zm3.5 15.1h1.4v-11.6h-1.4v11.6zm0-13.8h1.4v-2.3h-1.4v2.3z"/><path fill="none" d="M69 63.4h4.5l-2.2-13.7zm23 38.7c-2.3 0-3.6 2-3.8 4.2h7.5c-.1-2.2-1.4-4.2-3.7-4.2z"/><path fill="#7A1502" d="M69.2 102.4v-1.2h-2.4v-3.5h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.1-.6-1.1-1.5v-7.8h2.3zm10.5 10.5v-11.6h-1.4v6.1c0 2.4-1.1 4.7-3.5 4.7-2.3 0-3-1.1-3.1-3.2v-7.6h-1.4v7.6c0 2.7 1.1 4.4 4.1 4.4 1.7 0 3.3-.9 4-2.4v2.1h1.3zm6.4-10.5v-1.2h-2.4v-3.5h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.2-.6-1.2-1.5v-7.8h2.4zm5.9-1.5c-3.7 0-5.3 3.1-5.3 6.2 0 3.3 1.6 6.2 5.3 6.2 2.9 0 4.5-1.5 5.1-4.2h-1.4c-.5 1.8-1.6 3-3.7 3-2.7 0-3.8-2.5-3.8-4.6h9c0-3.3-1.5-6.6-5.2-6.6zm-3.9 5.4c.2-2.1 1.5-4.2 3.8-4.2s3.6 2 3.7 4.2h-7.5zM60.2 71.7c-1.3 0-2.4-.9-3.3-2.6-.9-1.7-1.4-4-1.5-6.8h-.7v10h.7l1-1.9c.6.7 1.3 1.3 1.9 1.6.6.3 1.3.5 2.1.5 1.3 0 2.4-.6 3.3-1.9.8-1.3 1.2-2.9 1.2-5 0-1.4-.3-2.8-.8-4.3-.6-1.5-1.6-3.3-3.1-5.6-.4-.5-.9-1.3-1.5-2.2-1.8-2.5-2.6-4.3-2.6-5.5 0-.8.2-1.5.6-2 .4-.5.9-.7 1.6-.7 1 0 1.9.7 2.6 2.2.7 1.5 1.2 3.5 1.4 6.1h.7v-9h-.7l-.8 1.8c-.4-.6-.9-1-1.5-1.4s-1.1-.5-1.7-.5c-1.2 0-2.1.6-2.9 1.7-.8 1.1-1.1 2.6-1.1 4.5 0 1.5.2 3 .7 4.4.5 1.4 1.6 3.3 3.2 5.8 1.3 2 2.3 3.6 2.8 4.9.6 1.3.8 2.4.8 3.3 0 .8-.2 1.5-.6 2-.6.3-1.1.6-1.8.6zm19.7-.5h-1l-4.6-26.4h-3.2l-4.2 22.6c0 .1 0 .2-.1.3-.4 2.1-1.2 3.3-2.3 3.5v.8h5.6v-.8c-.8 0-1.3-.2-1.6-.4-.3-.2-.5-.7-.5-1.2V69c0-.2 0-.4.1-.7l.6-3.9h4.9l1.1 6.9h-1.9v.7h7l.1-.8zM69 63.4l2.3-13.7 2.2 13.7H69zm12.5 6.9c-.3.5-.8.8-1.6.9v.8H86v-.8c-1.1-.1-1.8-.4-2.3-1-.4-.6-.6-1.6-.6-3.1V49.5L92.4 72h.8V48.8c0-1.3.1-2.1.4-2.5.3-.4.8-.6 1.5-.6h.1v-.8h-5.7v.8c.9 0 1.5.3 1.9.8.4.6.6 1.4.6 2.7v12.1l-6.6-16.4h-5.2v.8H82v21.7c0 1.5-.2 2.5-.5 2.9zm21.3-14.7c-.4-.5-.9-1.3-1.5-2.2-1.8-2.5-2.6-4.3-2.6-5.5 0-.8.2-1.5.6-2 .4-.5.9-.7 1.6-.7 1 0 1.9.7 2.6 2.2.7 1.5 1.2 3.5 1.4 6.1h.7v-9h-.7l-.8 1.8c-.4-.6-.9-1-1.5-1.4-.6-.3-1.1-.5-1.7-.5-1.2 0-2.1.6-2.9 1.7-.8 1.1-1.1 2.6-1.1 4.5 0 1.5.2 3 .7 4.4.5 1.4 1.6 3.3 3.2 5.8 1.3 2 2.3 3.6 2.8 4.9.6 1.3.8 2.4.8 3.3 0 .8-.2 1.5-.6 2-.4.5-1 .8-1.7.8-1.3 0-2.4-.9-3.3-2.6-.9-1.7-1.4-4-1.5-6.8h-.7v10h.7l1-1.9c.6.7 1.3 1.3 1.9 1.6.6.3 1.3.5 2.1.5 1.3 0 2.4-.6 3.3-1.9.8-1.3 1.2-2.9 1.2-5 0-1.4-.3-2.8-.8-4.3-.6-1.7-1.7-3.5-3.2-5.8z"/><path fill="#7A1502" d="M73.8 63.4h31.9v.9H73.8z"/> </svg> </a> <span id="pagetitle"> <a href="/">Internet Storm Center</a></span> </h1> <div class="isc-signin"> <form id="headerSearch" name="searchform" action="/search.html" method="get"> <input type="text" name="q" placeholder="Search...(IP, Port..)" /> <input type="hidden" id="token" name="token" value="6bbd12e99bf60bb7d0b1960aae4f1790470ca056" /> <input class="btn btn-primary" type="submit" name="Search" value="Search"> </form> <div id="smallHeaderLogin"> <a class="btn btn-primary" href="/login.html">Sign In</a> <a class="btn" href="/register.html">Sign Up</a> <a href="#navigation"></a> </div> </header> <div id="content"> <div class="wrapper"> <div class="isc-alerts"> <div> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M12,2A10,10 0 0,0 2,12A10,10 0 0,0 12,22A10,10 0 0,0 22,12A10,10 0 0,0 12,2M7.07,18.28C7.5,17.38 10.12,16.5 12,16.5C13.88,16.5 16.5,17.38 16.93,18.28C15.57,19.36 13.86,20 12,20C10.14,20 8.43,19.36 7.07,18.28M18.36,16.83C16.93,15.09 13.46,14.5 12,14.5C10.54,14.5 7.07,15.09 5.64,16.83C4.62,15.5 4,13.82 4,12C4,7.59 7.59,4 12,4C16.41,4 20,7.59 20,12C20,13.82 19.38,15.5 18.36,16.83M12,6C10.06,6 8.5,7.56 8.5,9.5C8.5,11.44 10.06,13 12,13C13.94,13 15.5,11.44 15.5,9.5C15.5,7.56 13.94,6 12,6M12,11A1.5,1.5 0 0,1 10.5,9.5A1.5,1.5 0 0,1 12,8A1.5,1.5 0 0,1 13.5,9.5A1.5,1.5 0 0,1 12,11Z" /> </svg> Handler on Duty: <a title="Guy Bruneau" href="/handler_list.html#guy-bruneau">Guy Bruneau</a> </div> <div>Threat Level: <a href="/infocon.html" style="text-transform: capitalize; color: green">green</a></div> </div> <div class="main-content"><ul class="diaryPagination"><li><a href="/diary.html?date=2010-02-04">next</a></li></ul> <article> <div class="diary"> <script> function maxarticle() { var article=document.getElementsByTagName('article'); var cn=article[0].className; if ( article[0].className=='fullscreen' ) { article[0].className='normal'; } else { article[0].className='fullscreen'; } } </script> <h1><a href="/forums/diary/Information+Disclosure+Vulnerability+in+Internet+Explorer/8152/" >Information Disclosure Vulnerability in Internet Explorer</a></h1> <div class="ss-container" style="float: right; border: 0px none; margin: 8px 0px 0px 8px;"> <ul class="ss-share"> <li class="ss-share-item"> <a class="ss-share-link ico-fullscreen" title="Full Screen" onclick="maxarticle();"></a> <li class="ss-share-item"> <a class="ss-share-link ico-facebook" title="Share on Facebook" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fisc.sans.edu%2Fforums%2Fdiary%2F8152" rel="nofollow" target="_blank"></a> </li> <li class="ss-share-item"> <a class="ss-share-link ico-twitter" title="Share on Twitter" href="http://twitter.com/share?text=Information%20Disclosure%20Vulnerability%20in%20Internet%20Explorer&url=https%3A%2F%2Fisc.sans.edu%2Fforums%2Fdiary%2F8152&via=SANS_ISC" rel="nofollow" target="_blank"></a> </li> </ul> </div> <div class="diaryheader"> <b>Published</b>: 2010-02-03. <b>Last Updated</b>: 2010-02-04 02:54:07 UTC<br /> <b>by</b> <a href="https://plus.google.com/101587262224166552564?rel=author" >Johannes Ullrich</a> (Version: 1)<br /> </div> <a class="ico-comments" href="/diary/Information+Disclosure+Vulnerability+in+Internet+Explorer/8152/#comments">8 comment(s)</a> <script language="javascript" type="text/javascript" src="/js/diarycount.js?diary=8152"></script> <div class="diarybody"> <p>Microsoft just publish KB Article 980088 [1] in response to the recently announced vulnerability in Internet Explorer. Microsoft confirms that it is possible for a malicious website to read files from the clients computer. All versions of Windows and Internet Explorer appear to be affected.</p> <p>There is currently no patch for this problem. Microsoft advices users to set the Internet and Local Intranet security zone settings to "High". This will cause a prompt before running ActiveX Controlls and active scripting.</p> <p>The attacker needs to know the file name. However, a typical target for this vulnerability would be a configuration file which is typically located at a predictable location.</p> <p>[1] http://www.microsoft.com/technet/security/advisory/980088.mspx</p> <p>------<br /> Johannes B. Ullrich, Ph.D.<br /> <a href="http://www.sans.edu">SANS Technology Institute</a><br /> <a href="http://twitter.com/johullrich">Twitter</a></p> </div> <div class="diarykeywords">Keywords: <a href="/tag.html?tag=advisory">advisory</a> <a href="/tag.html?tag=internet explorer">internet explorer</a> <a href="/tag.html?tag=microsoft">microsoft</a> </div> <a class="ico-comments" href="/diary/Information+Disclosure+Vulnerability+in+Internet+Explorer/8152/#comments">8 comment(s)</a> <div class="diary"> <script> function maxarticle() { var article=document.getElementsByTagName('article'); var cn=article[0].className; if ( article[0].className=='fullscreen' ) { article[0].className='normal'; } else { article[0].className='fullscreen'; } } </script> <h1><a href="/forums/diary/Support+for+Legacy+Browsers/8149/" >Support for Legacy Browsers</a></h1> <div class="ss-container" style="float: right; border: 0px none; margin: 8px 0px 0px 8px;"> <ul class="ss-share"> <li class="ss-share-item"> <a class="ss-share-link ico-fullscreen" title="Full Screen" onclick="maxarticle();"></a> <li class="ss-share-item"> <a class="ss-share-link ico-facebook" title="Share on Facebook" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fisc.sans.edu%2Fforums%2Fdiary%2F8149" rel="nofollow" target="_blank"></a> </li> <li class="ss-share-item"> <a class="ss-share-link ico-twitter" title="Share on Twitter" href="http://twitter.com/share?text=Support%20for%20Legacy%20Browsers&url=https%3A%2F%2Fisc.sans.edu%2Fforums%2Fdiary%2F8149&via=SANS_ISC" rel="nofollow" target="_blank"></a> </li> </ul> </div> <div class="diaryheader"> <b>Published</b>: 2010-02-03. <b>Last Updated</b>: 2010-02-03 18:12:40 UTC<br /> <b>by</b> <a href="/handler_list.html#rob-vandenbrink">Rob VandenBrink</a> (Version: 1)<br /> </div> <a class="ico-comments" href="/diary/Support+for+Legacy+Browsers/8149/#comments">4 comment(s)</a> <script language="javascript" type="text/javascript" src="/js/diarycount.js?diary=8149"></script> <div class="diarybody"> <p>As part of the discussion we had last week on Neo Legacy Applications ( http://isc.sans.org/diary.html?storyid=8116 ), the topic of applications that require old browsers came up.  A wonderful example of how old browser support can be handled, phasing older code out gracefully, is Google's recent announcement that they'll be withdrawing support for IE6 and other older browsers, found here ==> http://googleenterprise.blogspot.com/2010/01/modern-browsers-for-modern-applications.html<br /> <br /> However, Google's approach is not typical.  Often when an internal business application is released, it's list of supported browsers remains frozen, even as time marches on, and newer browser versions are released.<br /> <br /> I've seen this myself - I've got a few clients who have spent 6 figures on new business systems, only to find that by the time they get from the pilot to a working system, that Microsoft has gone forward with a new version of IE.  What tends to happen then?  Why the business system vendor of course says they don't support the new browser, and for a nominal (5 figure) sum, they can upgrade to the new version that supports the newer IE version.<br /> <br /> So this brings up two issues:<br /> 1/ I can see the position of the vendor, that it takes money to re-certify and maybe fix an application for the new browser version.  But is this a responsible approach?  Should this be a big-ticket app upgrade for the customer? Should a customer's maintenance agreement cover things like this?<br /> <br /> 2/ What happens in real life is that the management at the client company says "we just spent 200K on this system, and they want another 40k just for the new browser support - we'll show them! We'll stay at the old browser version".  Did you hear the silent "Forever!" at the end of that sentence?   So what you find is old browser versions hanging around much longer than they should - on every machine in the company !  Yes, I still have clients running IE6 for this very reason.  <br /> <br /> I've had people say "You could just virtualize a machine with the old browser", but there are a couple of problems with that.  If it's a real VM (like in VMware Workstation for instance), remember that this app is running the *business system* - it needs to do things like access other apps, print, save files on the local disk, all that other stuff that you do when people do their job.  Running a VM makes that a little weird for anyone who's not tech-savvy.  Plus you have to buy that second windows CAL (unless you run IE in Linux that is)<br /> <br /> Because the browser is so integrated into the OS, streaming the app using an on-demand installer (thinapp for instance), doesn't work so well either.  While running IE6 and IE8 on the same box is certainly possible (there's some good tech docs on this, and it really does work ok), It's a very complex process, and remember, our target audience is people in accounting or on the factory floor.<br /> <br /> What I've seen done successfully is to run a terminal server or Citrix server (XENApp now), and keep the old browser and other required components there.  When we built this, we isolated the hosting server so that it has not HTTP access to the internet, in an attempt to try to mitigate against the IE6 problems.<br /> <br /> Either way, it's an expensive way to go - has anyone out there seen a different, cheaper or more effective way to deal with being forced to keep an older browser? <br /> <br />  </p> <p>=============== Rob VandenBrink Metafore ==============</p> </div> <div class="diarykeywords">Keywords: <a href="/tag.html?tag=Support Legacy Browsers">Support Legacy Browsers</a> </div> <a class="ico-comments" href="/diary/Support+for+Legacy+Browsers/8149/#comments">4 comment(s)</a><div class="oneliner">Anatomy of a Form Spam Campaign (in progress against isc.sans.org right now) <a href="https://blogs.sans.org/appsecstreetfighter/">https://blogs.sans.org/appsecstreetfighter/</a></div> <div class="diary"> <script> function maxarticle() { var article=document.getElementsByTagName('article'); var cn=article[0].className; if ( article[0].className=='fullscreen' ) { article[0].className='normal'; } else { article[0].className='fullscreen'; } } </script> <h1><a href="/forums/diary/APPLESA201002021+iPhone+OS+313+and+iPhone+OS+313+for+iPod+touch/8143/" >APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch</a></h1> <div class="ss-container" style="float: right; border: 0px none; margin: 8px 0px 0px 8px;"> <ul class="ss-share"> <li class="ss-share-item"> <a class="ss-share-link ico-fullscreen" title="Full Screen" onclick="maxarticle();"></a> <li class="ss-share-item"> <a class="ss-share-link ico-facebook" title="Share on Facebook" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fisc.sans.edu%2Fforums%2Fdiary%2F8143" rel="nofollow" target="_blank"></a> </li> <li class="ss-share-item"> <a class="ss-share-link ico-twitter" title="Share on Twitter" href="http://twitter.com/share?text=APPLE-SA-2010-02-02-1%20iPhone%20OS%203.1.3%20and%20iPhone%20OS%203.1.3%20for%20iPod%20touch&url=https%3A%2F%2Fisc.sans.edu%2Fforums%2Fdiary%2F8143&via=SANS_ISC" rel="nofollow" target="_blank"></a> </li> </ul> </div> <div class="diaryheader"> <b>Published</b>: 2010-02-03. <b>Last Updated</b>: 2010-02-03 13:41:25 UTC<br /> <b>by</b> <a href="/handler_list.html#rob-vandenbrink">Rob VandenBrink</a> (Version: 1)<br /> </div> <a class="ico-comments" href="/diary/APPLESA201002021+iPhone+OS+313+and+iPhone+OS+313+for+iPod+touch/8143/#comments">1 comment(s)</a> <script language="javascript" type="text/javascript" src="/js/diarycount.js?diary=8143"></script> <div class="diarybody"> <p>Several security issues are addressed for iPhone OS in this update.  All of them are applicable to iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2.  The update will bring your device up to OS 3.1.3</p> <p>Almost all of the issues addressed are serious - many of them are buffer overflow conditions allowing arbitrary code execution for common iPhone activities:</p> <ul> <li>watching a maliciously crafted MP4 video</li> <li>viewing a malicious TIFF graphic</li> <li>accessing a (again, maliciously crafted) FTP site.</li> <li>There's also a particularly nasty one that uses a memory corruption issue to bypass the iPhone password (via a crafted USB control message), allowing access to user data on the phone.</li> </ul> <p>These are referenced as CVE-2010-0036, CVE-2009-2285, CVE-2010-0038, CVE-2009-3384 and CVE-2009-2841</p> <p>These updates are available on iTunes - more information on the issues and update procedure can be found at http://support.apple.com/kb/HT4013 , or the main security update site at http://support.apple.com/kb/HT1222</p> <p>The recommendation is to update your device to OS 3.1.3 as soon as possible.</p> <p> </p> <p>=============== Rob VandenBrink Metafore ===================</p> </div> <div class="diarykeywords">Keywords: <a href="/tag.html?tag=iPhone iPod Touch 313 Apple">iPhone iPod Touch 313 Apple</a> </div> <a class="ico-comments" href="/diary/APPLESA201002021+iPhone+OS+313+and+iPhone+OS+313+for+iPod+touch/8143/#comments">1 comment(s)</a></article> <ul class="diaryPagination"><li><a href="/diary.html?date=2010-02-04">next</a></li></ul><div id="comment-section"> <a id="comments"></a> <h3>Comments</h3></div> <div class="isc-card"> <p><a href="/login">Login here to join the discussion.</a></p> </div><br /> <div id="myModal" class="modal">  <span class="close">×</span>  <img class="modal-content" id="img01" alt="modal content">  <div id="caption"></div> </div> <a class="diaryArchive" href="/diaryarchive.html">Diary Archives</a> <script type="text/javascript"> 'use strict'; hljs.initHighlightingOnLoad(); var block = $('.diary-body pre code'); if (block.length > 0) { block.parent().wrap('<div class="code-wrapper"></div>') } </script> </div> </div> </div> <span id="isc-menu" class="isc-menu" tabindex="0" aria-label="Open the menu"> <span class="bar" aria-hidden="true"></span> <span class="bar" aria-hidden="true"></span> <span class="bar" aria-hidden="true"></span> </span> <div id="navigation" class="isc-nav"> <ul> <li> <a href="/index.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M10,20V14H14V20H19V12H22L12,3L2,12H5V20H10Z" /> </svg> Homepage </a> </li> <li class="active"> <a href="/diaryarchive.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M17.5 14.33C18.29 14.33 19.13 14.41 20 14.57V16.07C19.38 15.91 18.54 15.83 17.5 15.83C15.6 15.83 14.11 16.16 13 16.82V15.13C14.17 14.6 15.67 14.33 17.5 14.33M13 12.46C14.29 11.93 15.79 11.67 17.5 11.67C18.29 11.67 19.13 11.74 20 11.9V13.4C19.38 13.24 18.54 13.16 17.5 13.16C15.6 13.16 14.11 13.5 13 14.15M17.5 10.5C15.6 10.5 14.11 10.82 13 11.5V9.84C14.23 9.28 15.73 9 17.5 9C18.29 9 19.13 9.08 20 9.23V10.78C19.26 10.59 18.41 10.5 17.5 10.5M21 18.5V7C19.96 6.67 18.79 6.5 17.5 6.5C15.45 6.5 13.62 7 12 8V19.5C13.62 18.5 15.45 18 17.5 18C18.69 18 19.86 18.16 21 18.5M17.5 4.5C19.85 4.5 21.69 5 23 6V20.56C23 20.68 22.95 20.8 22.84 20.91C22.73 21 22.61 21.08 22.5 21.08C22.39 21.08 22.31 21.06 22.25 21.03C20.97 20.34 19.38 20 17.5 20C15.45 20 13.62 20.5 12 21.5C10.66 20.5 8.83 20 6.5 20C4.84 20 3.25 20.36 1.75 21.07C1.72 21.08 1.68 21.08 1.63 21.1C1.59 21.11 1.55 21.12 1.5 21.12C1.39 21.12 1.27 21.08 1.16 21C1.05 20.89 1 20.78 1 20.65V6C2.34 5 4.18 4.5 6.5 4.5C8.83 4.5 10.66 5 12 6C13.34 5 15.17 4.5 17.5 4.5Z" /> </svg> Diaries </a> </li> <li> <a href="/podcast.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M17,18.25V21.5H7V18.25C7,16.87 9.24,15.75 12,15.75C14.76,15.75 17,16.87 17,18.25M12,5.5A6.5,6.5 0 0,1 18.5,12C18.5,13.25 18.15,14.42 17.54,15.41L16,14.04C16.32,13.43 16.5,12.73 16.5,12C16.5,9.5 14.5,7.5 12,7.5C9.5,7.5 7.5,9.5 7.5,12C7.5,12.73 7.68,13.43 8,14.04L6.46,15.41C5.85,14.42 5.5,13.25 5.5,12A6.5,6.5 0 0,1 12,5.5M12,1.5A10.5,10.5 0 0,1 22.5,12C22.5,14.28 21.77,16.39 20.54,18.11L19.04,16.76C19.96,15.4 20.5,13.76 20.5,12A8.5,8.5 0 0,0 12,3.5A8.5,8.5 0 0,0 3.5,12C3.5,13.76 4.04,15.4 4.96,16.76L3.46,18.11C2.23,16.39 1.5,14.28 1.5,12A10.5,10.5 0 0,1 12,1.5M12,9.5A2.5,2.5 0 0,1 14.5,12A2.5,2.5 0 0,1 12,14.5A2.5,2.5 0 0,1 9.5,12A2.5,2.5 0 0,1 12,9.5Z" /> </svg> Podcasts </a> </li> <li> <a href="/jobs"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M15.5,12C18,12 20,14 20,16.5C20,17.38 19.75,18.21 19.31,18.9L22.39,22L21,23.39L17.88,20.32C17.19,20.75 16.37,21 15.5,21C13,21 11,19 11,16.5C11,14 13,12 15.5,12M15.5,14A2.5,2.5 0 0,0 13,16.5A2.5,2.5 0 0,0 15.5,19A2.5,2.5 0 0,0 18,16.5A2.5,2.5 0 0,0 15.5,14M10,4A4,4 0 0,1 14,8C14,8.91 13.69,9.75 13.18,10.43C12.32,10.75 11.55,11.26 10.91,11.9L10,12A4,4 0 0,1 6,8A4,4 0 0,1 10,4M2,20V18C2,15.88 5.31,14.14 9.5,14C9.18,14.78 9,15.62 9,16.5C9,17.79 9.38,19 10,20H2Z" /> </svg> Jobs </a> </li> <li> <a href="/data"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M19 3H5C3.9 3 3 3.9 3 5V19C3 20.1 3.9 21 5 21H19C20.1 21 21 20.1 21 19V5C21 3.9 20.1 3 19 3M9 17H7V10H9V17M13 17H11V7H13V17M17 17H15V13H17V17Z" /> </svg> Data </a> <ul> <li><a href="/data/port.html">TCP/UDP Port Activity</a></li> <li><a href="/data/trends.html">Port Trends</a></li> <li><a href="/data/ssh.html">SSH/Telnet Scanning Activity</a></li> <li><a href="/weblogs">Weblogs</a></li> <li><a href="/data/threatfeed.html">Threat Feeds Activity</a></li> <li><a href="/data/threatmap.html">Threat Feeds Map</a></li> <li><a href="/data/links.html">Useful InfoSec Links</a></li> <li><a href="/data/presentation.html">Presentations & Papers</a></li> <li><a href="/data/researchpapers.html">Research Papers</a></li> <li><a href="/api">API</a></li> </ul> </li> <li> <a href="/tools/"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M22.7,19L13.6,9.9C14.5,7.6 14,4.9 12.1,3C10.1,1 7.1,0.6 4.7,1.7L9,6L6,9L1.6,4.7C0.4,7.1 0.9,10.1 2.9,12.1C4.8,14 7.5,14.5 9.8,13.6L18.9,22.7C19.3,23.1 19.9,23.1 20.3,22.7L22.6,20.4C23.1,20 23.1,19.3 22.7,19Z" /> </svg> Tools </a> <ul> <li class="first"><a href="/howto.html">DShield Sensor</a></li> <li><a href="/tools/dnslookup">DNS Looking Glass</a></li> <li><a href="/tools/honeypot">Honeypot (RPi/AWS)</a></li> <li><a href="/tools/glossary">InfoSec Glossary</a></li> </ul> </li> <li> <a href="/contact.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M15.07,11.25L14.17,12.17C13.45,12.89 13,13.5 13,15H11V14.5C11,13.39 11.45,12.39 12.17,11.67L13.41,10.41C13.78,10.05 14,9.55 14,9C14,7.89 13.1,7 12,7A2,2 0 0,0 10,9H8A4,4 0 0,1 12,5A4,4 0 0,1 16,9C16,9.88 15.64,10.67 15.07,11.25M13,19H11V17H13M12,2A10,10 0 0,0 2,12A10,10 0 0,0 12,22A10,10 0 0,0 22,12C22,6.47 17.5,2 12,2Z" /> </svg>Contact Us </a> <ul> <li class="first"><a href="/contact.html">Contact Us</a></li> <li><a href="/about.html">About Us</a></li> <li><a href="/handler_list.html">Handlers</a></li> </ul> <li> <a href="/about.html"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 30" width="20px" height="20px"><path fill="currentColor" d="M 15.001953 3.9921875 C 12.801953 3.9921875 11.001953 5.7821875 11.001953 7.9921875 C 11.001953 10.202188 12.801953 11.992188 15.001953 11.992188 C 17.211953 11.992188 19.011719 10.202187 19.011719 7.9921875 C 19.011719 5.7821875 17.211953 3.9921875 15.001953 3.9921875 z M 6.0019531 8.0039062 C 3.7919531 8.0039062 2.0019531 9.7939062 2.0019531 12.003906 C 2.0019531 14.213906 3.7919531 16.003906 6.0019531 16.003906 C 8.2119531 16.003906 10.001953 14.213906 10.001953 12.003906 C 10.001953 9.7939062 8.2119531 8.0039062 6.0019531 8.0039062 z M 6.0019531 16.003906 L 5.0019531 16.003906 C 2.7919531 16.003906 1.0019531 17.793906 1.0019531 20.003906 L 1.0019531 22.992188 C 1.0019531 23.542188 1.4519531 23.992188 2.0019531 23.992188 L 28.001953 23.992188 C 28.551953 23.992188 29.001953 23.542188 29.001953 22.992188 L 29.001953 20.003906 C 29.001953 17.793906 27.211953 16.003906 25.001953 16.003906 L 24.001953 16.003906 L 23.001953 16.003906 C 22.151953 16.003906 21.362891 16.272422 20.712891 16.732422 C 20.042891 15.142422 18.311719 13.992187 16.261719 13.992188 L 13.751953 13.992188 C 11.701953 13.992188 9.9727344 15.142187 9.3027344 16.742188 C 8.6527344 16.282187 7.8619531 16.003906 7.0019531 16.003906 L 6.0019531 16.003906 z M 24.001953 16.003906 C 26.211953 16.003906 28.001953 14.213906 28.001953 12.003906 C 28.001953 9.7939062 26.211953 8.0039062 24.001953 8.0039062 C 21.791953 8.0039062 20.001953 9.7939062 20.001953 12.003906 C 20.001953 14.213906 21.791953 16.003906 24.001953 16.003906 z M 6.0019531 10.003906 C 7.1019531 10.003906 8.0019531 10.903906 8.0019531 12.003906 C 8.0019531 13.103906 7.1019531 14.003906 6.0019531 14.003906 C 4.9019531 14.003906 4.0019531 13.103906 4.0019531 12.003906 C 4.0019531 10.903906 4.9019531 10.003906 6.0019531 10.003906 z M 24.001953 10.003906 C 25.101953 10.003906 26.001953 10.903906 26.001953 12.003906 C 26.001953 13.103906 25.101953 14.003906 24.001953 14.003906 C 22.901953 14.003906 22.001953 13.103906 22.001953 12.003906 C 22.001953 10.903906 22.901953 10.003906 24.001953 10.003906 z M 5.0019531 18.003906 L 7.0019531 18.003906 C 8.0819531 18.003906 9.0019531 18.923906 9.0019531 20.003906 L 9.0019531 21.992188 L 3.0019531 21.992188 L 3.0019531 20.003906 C 3.0019531 18.903906 3.9019531 18.003906 5.0019531 18.003906 z M 23.001953 18.003906 L 25.001953 18.003906 C 26.081953 18.003906 27.001953 18.923906 27.001953 20.003906 L 27.001953 21.992188 L 21.011719 21.992188 L 21.011719 19.902344 C 21.061719 18.852344 21.931953 18.003906 23.001953 18.003906 z"/></svg> About Us</a></li> </ul>   <div class="questions-sidebar"> <svg width="16" height="16" class="c-nav--footer__svgicon c-slackhash" viewBox="0 0 54 54" xmlns="http://www.w3.org/2000/svg"> <g fill="none" fill-rule="evenodd"> <path d="M19.712.133a5.381 5.381 0 0 0-5.376 5.387 5.381 5.381 0 0 0 5.376 5.386h5.376V5.52A5.381 5.381 0 0 0 19.712.133m0 14.365H5.376A5.381 5.381 0 0 0 0 19.884a5.381 5.381 0 0 0 5.376 5.387h14.336a5.381 5.381 0 0 0 5.376-5.387 5.381 5.381 0 0 0-5.376-5.386" fill="#435165"></path> <path d="M53.76 19.884a5.381 5.381 0 0 0-5.376-5.386 5.381 5.381 0 0 0-5.376 5.386v5.387h5.376a5.381 5.381 0 0 0 5.376-5.387m-14.336 0V5.52A5.381 5.381 0 0 0 34.048.133a5.381 5.381 0 0 0-5.376 5.387v14.364a5.381 5.381 0 0 0 5.376 5.387 5.381 5.381 0 0 0 5.376-5.387" fill="#435165"></path> <path d="M34.048 54a5.381 5.381 0 0 0 5.376-5.387 5.381 5.381 0 0 0-5.376-5.386h-5.376v5.386A5.381 5.381 0 0 0 34.048 54m0-14.365h14.336a5.381 5.381 0 0 0 5.376-5.386 5.381 5.381 0 0 0-5.376-5.387H34.048a5.381 5.381 0 0 0-5.376 5.387 5.381 5.381 0 0 0 5.376 5.386" fill="#435165"></path> <path d="M0 34.249a5.381 5.381 0 0 0 5.376 5.386 5.381 5.381 0 0 0 5.376-5.386v-5.387H5.376A5.381 5.381 0 0 0 0 34.25m14.336-.001v14.364A5.381 5.381 0 0 0 19.712 54a5.381 5.381 0 0 0 5.376-5.387V34.25a5.381 5.381 0 0 0-5.376-5.387 5.381 5.381 0 0 0-5.376 5.387" fill="#435165"></path> </g> </svg> <a rel="noopener" href="/slack/index.html">Slack Channel</a> </div>  <div class="questions-spacer"></div>  <div class="questions-sidebar"> <svg width="16" height="16" viewBox="0 0 54 74" fill="black" xmlns="http://www.w3.org/2000/svg" class="c-nav--footer__svgicon c-slackhash"> <path d="M73.7014 17.4323C72.5616 9.05152 65.1774 2.4469 56.424 1.1671C54.9472 0.950843 49.3518 0.163818 36.3901 0.163818H36.2933C23.3281 0.163818 20.5465 0.950843 19.0697 1.1671C10.56 2.41145 2.78877 8.34604 0.903306 16.826C-0.00357854 21.0022 -0.100361 25.6322 0.068112 29.8793C0.308275 35.9699 0.354874 42.0498 0.91406 48.1156C1.30064 52.1448 1.97502 56.1419 2.93215 60.0769C4.72441 67.3445 11.9795 73.3925 19.0876 75.86C26.6979 78.4332 34.8821 78.8603 42.724 77.0937C43.5866 76.8952 44.4398 76.6647 45.2833 76.4024C47.1867 75.8033 49.4199 75.1332 51.0616 73.9562C51.0841 73.9397 51.1026 73.9184 51.1156 73.8938C51.1286 73.8693 51.1359 73.8421 51.1368 73.8144V67.9366C51.1364 67.9107 51.1302 67.8852 51.1186 67.862C51.1069 67.8388 51.0902 67.8184 51.0695 67.8025C51.0489 67.7865 51.0249 67.7753 50.9994 67.7696C50.9738 67.764 50.9473 67.7641 50.9218 67.7699C45.8976 68.9569 40.7491 69.5519 35.5836 69.5425C26.694 69.5425 24.3031 65.3699 23.6184 63.6327C23.0681 62.1314 22.7186 60.5654 22.5789 58.9744C22.5775 58.9477 22.5825 58.921 22.5934 58.8965C22.6043 58.8721 22.621 58.8505 22.6419 58.8336C22.6629 58.8167 22.6876 58.8049 22.714 58.7992C22.7404 58.7934 22.7678 58.794 22.794 58.8007C27.7345 59.9796 32.799 60.5746 37.8813 60.5733C39.1036 60.5733 40.3223 60.5733 41.5447 60.5414C46.6562 60.3996 52.0437 60.1408 57.0728 59.1694C57.1983 59.1446 57.3237 59.1233 57.4313 59.0914C65.3638 57.5847 72.9128 52.8555 73.6799 40.8799C73.7086 40.4084 73.7803 35.9415 73.7803 35.4523C73.7839 33.7896 74.3216 23.6576 73.7014 17.4323ZM61.4925 47.3144H53.1514V27.107C53.1514 22.8528 51.3591 20.6832 47.7136 20.6832C43.7061 20.6832 41.6988 23.2499 41.6988 28.3194V39.3803H33.4078V28.3194C33.4078 23.2499 31.3969 20.6832 27.3894 20.6832C23.7654 20.6832 21.9552 22.8528 21.9516 27.107V47.3144H13.6176V26.4937C13.6176 22.2395 14.7157 18.8598 16.9118 16.3545C19.1772 13.8552 22.1488 12.5719 25.8373 12.5719C30.1064 12.5719 33.3325 14.1955 35.4832 17.4394L37.5587 20.8853L39.6377 17.4394C41.7884 14.1955 45.0145 12.5719 49.2765 12.5719C52.9614 12.5719 55.9329 13.8552 58.2055 16.3545C60.4017 18.8574 61.4997 22.2371 61.4997 26.4937L61.4925 47.3144Z" fill="inherit"/> </svg> <a rel="me" href="https://infosec.exchange/@sans_isc">Mastodon</a> </div>  <div class="questions-spacer"></div> <div class="questions-sidebar"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 54 54" width="24px" height="24px"><circle cx="28" cy="20" r="12" fill="#9fd5ed"/><circle cx="37" cy="28" r="9" fill="#9fd5ed"/><circle cx="30" cy="29" r="9" fill="#9fd5ed"/><circle cx="18" cy="29" r="9" fill="#9fd5ed"/><circle cx="24" cy="28" r="9" fill="#9fd5ed"/><circle cx="11" cy="28" r="9" fill="#9fd5ed"/><circle cx="15" cy="21" r="7" fill="#9fd5ed"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWya" cx="28" cy="20" r="12" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="28" cy="20" r="12" fill="url(#UWqm9mhW35Ao~JVa4RzWya)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyb" cx="37" cy="28" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="37" cy="28" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyb)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyc" cx="30" cy="29" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="30" cy="29" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyc)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyd" cx="18" cy="29" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="18" cy="29" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyd)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWye" cx="24" cy="28" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="24" cy="28" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWye)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyf" cx="11" cy="28" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="11" cy="28" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyf)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyg" cx="15" cy="21" r="7" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="15" cy="21" r="7" fill="url(#UWqm9mhW35Ao~JVa4RzWyg)"/></svg> <a rel="me" href="https://bsky.app/profile/sansisc.bsky.social">Bluesky</a> </div> <div class="questions-spacer"></div> <div class="questions-sidebar"> <svg width="16" height="16" viewBox="0 0 1200 1227" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M714.163 519.284L1160.89 0H1055.03L667.137 450.887L357.328 0H0L468.492 681.821L0 1226.37H105.866L515.491 750.218L842.672 1226.37H1200L714.137 519.284H714.163ZM569.165 687.828L521.697 619.934L144.011 79.6944H306.615L611.412 515.685L658.88 583.579L1055.08 1150.3H892.476L569.165 687.854V687.828Z" fill="black"/> </svg> <a rel="noopener" href="https://twitter.com/sans_isc">X</a> </div> <div id="sidebar"> <a href=""> <img class="lazyload" src="/adimg.html?id="> </a> </div> </div> <div id="footer"> <div class="footer-container"> <div class="footer-links"> <span>© 2024 SANS™ Internet Storm Center</span> <span>Developers: We have an <a href="/api/">API</a> for you!   <a rel="license" href="https://creativecommons.org/licenses/by-nc-sa/4.0/"><img class="lazyload" alt="Creative Commons License" src="/images/cc.png"></a></span> <ul id="footLinks"> <li><a href="/linkback.html">Link To Us</a></li> <li><a href="/about.html">About Us</a></li> <li><a href="/handler_list.html">Handlers</a></li> <li><a href="/privacy.html">Privacy Policy</a></li> </ul> </div> <div class="footer-social"> <ul id="socialIconsFoot"> <li><a rel="noopener" href="https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A"><span class="youtube"></span></a></li> <li class="twitter"><a rel="noopener" href="https://twitter.com/sans_isc"><span class="twitter"></span></a></li> <li class="linkedin"><a rel="noopener" href="https://www.linkedin.com/groups?gid=35470"><span class="linkedin"></span></a></li> <li class="mastodon"><a rel="noopener" href="https://infosec.exchange/@sans_isc"><span class="mastodon"></span></a></li> <li class="rss"><a href="/xml.html"><span class="rss"></span></a></li> </ul> </div> </div> </div> <script type="text/javascript" src="/js/main.js"></script> <script language="JavaScript" type="text/javascript" src="/js/menu.js"></script> </div> <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=80880732" async></script></body></html>