Twitter
RSS

Archive for the ‘SANS Internet Storm Center’ Category

« Older Entries

ISC StormCast for Tuesday, May 21st 2013 http://isc.sans.edu/podcastdetail.html?id=3320, (Tue, May 21st)

By on Tuesday, May 21st, 2013 | No Comments

(c) SANS Internet Storm Center.

Read More...

Safe – Tools, Tactics and Techniques, (Mon, May 20th)

By on Monday, May 20th, 2013 | No Comments

Trend Micro published a report last week on a spear-phishing emails campaign that contain a malicious attachment exploiting a Microsoft Office vulnerability ( CVE-2012-0158 ).

Read More...

Ubuntu Package available to submit firewall logs to DShield, (Mon, May 20th)

By on Monday, May 20th, 2013 | No Comments

I put together a simple .deb package to install our DShield iptables client on Ubuntu.

Read More...

Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings…

By on Monday, May 20th, 2013 | No Comments

———– Guy Bruneau IPSS Inc.

Read More...

ISC StormCast for Monday, May 20th 2013 http://isc.sans.edu/podcastdetail.html?id=3317, (Mon, May 20th)

By on Monday, May 20th, 2013 | No Comments

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read More...

Port 51616 – Got Packets?, (Sun, May 19th)

By on Sunday, May 19th, 2013 | No Comments

We're looking for any info or packets that target port 51616.   After witnessing a spike yesterday on his network and checking that our port data [1] corroborated his event, Andrew has written in asking what we know.

Read More...

SSL: Another reason not to ignore IPv6, (Fri, May 17th)

By on Friday, May 17th, 2013 | No Comments

Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the “quick fix”, as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4.  The most obvious issue here is logging, in that the application only “sees” the proxies IP address, unless it inspects headers added by the proxy, which will no point to (unreadable?) IPv6 addresses.

Read More...

ISC StormCast for Friday, May 17th 2013 http://isc.sans.edu/podcastdetail.html?id=3314, (Fri, May 17th)

By on Friday, May 17th, 2013 | No Comments

(c) SANS Internet Storm Center.

Read More...

e-netprotections.su ?, (Fri, May 17th)

By on Friday, May 17th, 2013 | No Comments

  Like with .biz, I sometimes have the impression that .su and .cc could be sinkholed in their entirety, because the bad domains seem to vastly outnumber whatever (if any) good is running under these TLDs as well. Earlier today, ISC reader Michael contacted us with information that several PCs on his network had started to communicate with iestats.cc, emstats.su, ehistats.su, e-protections.su and a couple other domains.

Read More...

Extracting signatures from Apple .apps, (Thu, May 16th)

By on Thursday, May 16th, 2013 | No Comments

As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected

Read More...
« Older Entries