"Woman of Excellence" Spam/Phishing Email

The problem with that, in no small part, is that I am in fact a man. This spam message I got yesterday made me smile. The link to "Accept Your Nomination" was interesting. It looked like this...

http://www.woeawardss.com/e<snip>b0/unadulterated-pushing

Yes. It does in fact say, "unadulterated-pushing" at the end. Note: I broke the link so that you can't hurt yourself. If you click on it, you just come back to this page.

This is clearly a phishing email designed to intrigue you. As phishing messages go, it's pretty good. It uses my first name and doesn't have any obtuse grammar or misspelled words. If I were a woman, I'd be a little intrigued. I still wouldn't have clicked on it because it's pretty clearly spam, but my mom would for sure.

 


Remediating the Java Deserialization Vulnerability

The most under-reported software vulnerability of 2015 is turning out to be a flaw in Java deserialization. It hasn't been given a fancy name and used in wildly overstated "news" articles designed to sell more subscriptions to Lifelock, but it is very dangerous nonetheless.

Java is hit particularly hard by this exploit. At this time .NET is not affected, though it is still theoretically possible to exploit a .NET application as long as the application is using serialization for dependency injection.

Here is a good, in-depth article describing the vulnerability, providing some resources for determining if you are affected, and some details for crafting your own exploits if you are so inclined.

https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/