Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog



ISC Flyer is ready

Published: 2008-05-30
Last Updated: 2008-06-02 13:24:55 UTC
by Johannes Ullrich (Version: 2)
0 comment(s)
Update: I just made live a first update based on some of the feedback we got. The changes affect mostly the Windows/Unix comparison section. I considered removing it as it's very hard to make it "perfect". But I think it's good enough. Please be aware that there are a number of different Windows and Unix versions and not all commands exist on each Windows/Unix version. Maybe a flyer to compare them is next :-). Another suggestion was to add color. I will keep it black/white for now to make it easy to print. Maybe a color version will be offered later.

The new ISC flyer is ready. Thanks everybody for their feedback. We got about 50 people sending suggestions about what to include. What you find in this version of a flyer is based on the most frequently requested features, with some consideration to space.

We offer the flyer as a PDF. In order to print it, you need legal size paper. However, we plan to include the flyer in our next SANSFIRE mailing. If you are interested in receiving this flyer and currently do not receive any SANS mailings, make sure you are registered at the SANS portal (a complete and correct mailing address is important, of course).

To download the flyer: http://isc.sans.org/presentations/iscflyer.pdf

While I was working on this, I also added links to some other flyers/cheatsheets SANS offers for download. See http://isc.sans.org/presentations.

The ultimate goal is to set up a "make your own flyer" web application. But this will take a while. Layout of the flyer is rather tricky as we try to squeeze as much content as possible into it.

Corrections / suggestions: Please use our contact page.

------
Johannes Ullrich

Keywords: ISC

Where did my domain go?

Published: 2008-05-30
Last Updated: 2008-05-30 12:25:15 UTC
by Mark Hofman (Version: 1)
1 comment(s)


This is a question you don’t want to be asking yourself when looking at where your main web page should be. Steve L wrote in yesterday and mentioned that the Comcast network web site at Comcast.net looked like it was under construction. I wrote it off as website maintenance (sorry Steve). I guess it was a little bit more than that (in my defence it was an under construction notice, which some people put up when performing maintenance on their site). That changed a little later on in the evening.

Comcast had their domain snaffled away from them. The account Comcast uses with Network Solutions was used to alter the records and redirect the site. It won’t be the last time this happens. People have reported increased phishing attempts to gain access to registrar accounts. The registrar I use is actively training its clients to click links in the numerous emails they send promoting stuff, probably not one of their better ideas, and I doubt they are on their own in this practice.

There is money to be made in domain names. We all understand the value of branding, and getting the right name can help launch a product, company or people. Registrars earn their living by providing as many names as possible; the process therefore has to be easy and flexible, hence the "click here" in emails. Now hands up who can actually remember the userid and password they use for their registrar? (ps feel free to mail them in). Pretty much every time I need to do something with the registrar I have to request the password or, depending on the registrar, you can fax a request, on letterhead, through to them for action. In a past life when we needed access to the client’s domain information, we would typically just fax through a request to the registrar on letterhead (yes, with permission). About 30 minutes later we’d have access to the domain. I’m not saying it is still as easy, but.....

Which brings me to a friend of mine (no sniggering, Mike): his mate had his domain name taken from him. It came up for registration and, due to timezones, he paid late. Turns out someone was watching the domain and snapped it up as soon as it expired. Two years of building a brand, gone in a few minutes. He could get it back for a bargain, USD$10,000. In another case the email address associated with the registrar account was changed (letterhead request), then a simple password reset and a transfer, voilà, one domain name gone. If you spend some time on certain sites, you soon see that there are groups dedicated to grabbing desirable domain names, especially those that have established sites. Of course the SPAM and malware delivery side of the business does equally well.

The moral of the story: protecting something as seemingly trivial as the userid and password of the account used to manage your domain names can make or break a business. Luckily some registrars play ball and help out in these situations, but around the globe there are certainly some challenges.

Mark H - Shearwater
