More CERT Documents Leaked

By Dennis Fisher

March 21, 2003

http://www.eweek.com/article2/0,3959,962683,00.asp

The same person who earlier this week posted three unpublished CERT Coordination Center vulnerability reports to a security mailing list has again posted more of CERT's internal communications and has promised to post further documents on a weekly basis.

This time, the person going by the name Hack4life, has published an e-mail message from a CERT employee advising an unnamed group of portal Web sites about potential vulnerabilities related to the use of Web redirectors by spammers.

In the message, submitted Friday afternoon to the Full Disclosure list, Hack4life writes that these actions are intended to remind the Internet community that "holes are not released to help the admins, they are there to help the hackers and that is who should be using them!"

Hack4life goes on to say that all future vulnerability reports will be released at 7 p.m. on Friday "to give hackers the maximum amount of time to actively exploit the vulnerability before sys-admins, CERT and vendors can act to patch the issue on Monday morning after their weekend off."

[..]


main page ATTRITION feedback