More CERT Documents Leaked
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

More CERT Documents Leaked

Written By
Dennis Fisher
Dennis Fisher
Mar 21, 2003
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The same person who earlier this week posted three unpublished CERT Coordination Center vulnerability reports to a security mailing list has again posted more of CERTs internal communications and has promised to post further documents on a weekly basis.

This time, the person going by the name Hack4life, has published an e-mail message from a CERT employee advising an unnamed group of portal Web sites about potential vulnerabilities related to the use of Web redirectors by spammers.

In the message, submitted Friday afternoon to the Full Disclosure list, Hack4life writes that these actions are intended to remind the Internet community that “holes are not released to help the admins, they are there to help the hackers and that is who should be using them!”

Hack4life goes on to say that all future vulnerability reports will be released at 7 p.m. on Friday “to give hackers the maximum amount of time to actively exploit the vulnerability before sys-admins, CERT and vendors can act to patch the issue on Monday morning after their weekend off.”

The message that Hack4life posted Friday is an e-mail supposedly written by Ian Finlay, an Internet systems security analyst at CERT, based at Carnegie Mellon University, in Pittsburgh. The e-mail describes a technique that spammers have apparently begun using to make recipients believe theyre clicking on a link to a legitimate site, such as MSN. In reality, the URL takes them to a Web redirector on the legitimate page, which then bounces them to the spammers page.

“This could be a hostile site, an unsavory site, or worse, a site mocked up to look like the trusted site in an attempt to further trick the user,” Finlay writes in the message. He asks the recipients of the message—who are not identified in the Full Disclosure posting—to inspect their sites and evaluate their potential exposure to the problem.

Hack4life last weekend posted to Full Disclosure three vulnerability advisories that CERT had written and shared with software vendors, but had not yet released to the general public. CERT officials said they believe the documents had been deliberately leaked by someone with legitimate access to them. However, in some published reports this week, Hack4life took credit for stealing the reports from CERTs computers.

A CERT spokesman was not immediately available to comment on this story.

Latest Security News:

Search for more stories by Dennis Fisher.
Find white papers on security.
Dennis Fisher
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information