|Main Archive Page > Month Archives > full-disclosure-uk archives|
Their PGP keys have expired =)
Sending email to US-CERT
When sending sensitive information to US-CERT via email, we encourage you to encrypt your messages. US-CERT uses multiple public keys based upon their purpose. If the purpose of your communication is a cyber security incident report, vulnerability report, or any other technical question related to cyber security, please use the following key:
User ID: US-CERT Security Operations Center <email@example.com>
Key ID: B832BE70
Key Type: RSA
Key size: 2048
Fingerprint: 195E 7A9E CCD9 9504 3CA7 E26E 13D4 4840 B832 BE70
Information about other keys can be found on Contacting US-CERT.
Receiving publications in email from US-CERT
US-CERT signs the email distribution of all US-CERT publications, including Cyber Security Alerts, Technical Cyber Security Alerts, Cyber Security Bulletins and Cyber Security Tips with the following key:
User ID: US-CERT Publications Key <firstname.lastname@example.org>
Key ID: 0x3E1F88AB
Key Type: RSA
Key Size: 2048
Fingerprint: E0BF 6D0E 88C1 1FFC F93F 571B 7207 9633 3E1F 88AB
On Sun, Jan 11, 2009 at 10:29 PM, Chris Wallis <email@example.com> wrote:
> Just got this from US Cert. With what's going on with this list. I fought
> I might share with you all...
> With some of the crap on this list lately I really do hope it is spambots...
> ~Chris Wallis
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> US-CERT Current Activity
> Malicious Code Circulating via Israel/Hamas Conflict Spam Messages
> Original release date: January 9, 2009 at 9:25 am Last revised: January 9,
> 2009 at 9:25 am
> US-CERT is aware of public reports of malicious code circulating via spam
> email messages related to the Israel/Hamas conflict in Gaza.
> These messages may contain factual information about the conflict and
> appear to come from CNN. Additionally, the messages indicate that
> additional news coverage of the conflict can be viewed by following a link
> provided in the email body. If users click on this link, they are
> redirected to a bogus CNN website that appears to contain a video.
> Users who attempt to view this video will be prompted to update to a new
> version of Adobe Flash Player in order to view the video. This update is
> not a legitimate Adobe Flash Player update; it is malicious code. If users
> download this executable file, malicious code may be installed on their
> US-CERT encourages users and administrators to take the following
> preventative measures to help mitigate the security risks:
> * Install antivirus software, and keep the virus signatures up to
> * Do not follow unsolicited links and do not open unsolicited email
> * Use caution when visiting untrusted websites.
> * Use caution when downloading and installing applications.
> * Obtain software applications and updates directly from the
> vendor's website.
> * Refer to the Recognizing and Avoiding Email Scams (pdf) document
> for more information on avoiding email scams.
> * Refer to the Avoiding Social Engineering and Phishing Attacks
> document for more information on social engineering attacks.
> Relevant Url(s):
> This entry is available at
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> -----END PGP SIGNATURE-----
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/