Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-04-20 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

port 443 / https increase

Published: 2007-04-20
Last Updated: 2007-04-20 19:08:44 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
We do see a significant increase in 443 scans. However, there is no "current" vulnerability that would explain it.

If you see attacks against https servers, please let us know and send in packet (including any web server logs if they would show an effect of the attack)

Try to limit packet submissions to "suspect" packets that either cause suspect server behaviour or trigger an IDS.

isc.sans.org/port.html
Keywords:
0 comment(s)

IRA Tax Glitch

Published: 2007-04-20
Last Updated: 2007-04-20 17:18:51 UTC
by Marcus Sachs (Version: 1)
0 comment(s)
Some mutual fund companies, banks, and others that provide Individual Retirement Accounts (IRAs) in the United States are discovering that their computers might have made a mistake on Tuesday.  Normally, US taxes are due on April 15th, and you are allowed to make contributions to your IRA with credit to the previous year as long as the contribution arrives on or before "tax day".  This year, April 15th was on a Sunday so there is a normal extension to Monday, April 16th.  But this year was a bit unique.  April 16th is Emancipation Day in Washington DC, and is now celebrated as a holiday for the District of Columbia following legislation signed by the District's Mayor in January 2005.  The effect on taxes is that the new "tax day" becomes April 17th for everybody in the US.  Unfortunately not all computers (and many printed tax forms) were changed to reflect the new date.

So the issue with some banks and mutual fund companies is that customers using their web interfaces on Tuesday for IRA contributions were allowed to select 2006 as the year for which a deposit was credited.  However, the back-side computers were programmed to only allow 2007 contributions after midnight the night before.  So, if you made a 2006 contribution on Tuesday via a web portal or other online service, you should check to make sure that you were accurately credited for 2006 and that your contribution did not get recorded for 2007.

The next time this happens will be in April of 2012.  Let's see if the computers get the word.

Marcus H. Sachs
Director, SANS Internet Storm Center
Keywords:
0 comment(s)
Diary Archives