Hi ::/0, I just received a call from one of our customers, who was having some problems with duplicate records being created in a remote system ... the system is used through a web interface, and data is stored via a GET operation ... (no, I did not implement that system, as I would have opted to use both SSL as well as decent authentication & POST instead)
Anyway, it turns out the duplicate requests were created an IP 150.70.84.25, which according to some research turns out to be used by Trend Micro, Japan (APNIC records are pretty unusable, though, as usual) According to the customer, the behavior started around July 30th, which is a couple days after I upgraded the customer ASA / CSC, which 6.3.1172 installed on the CSC ... So it turns out that the new release uses a subset of URLs requested, transfers those to TM, which in turn probably uses them to find potential malware ... as such, this might be OK, but I could not locate ANYWHERE in the CSC where there is an option to disable this function, or at least an information about that feature having been introduced ... (previous releases to my knowledge didn't do that ...) Anybody else notice this yet? I just opened a ticket with TAC and complained about it ... for me, it's a pretty bad case of security and confidentiality breach ... but maybe that's just me ... -garry _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
