
Posts Tagged ‘diary-archives’


SSL: Another reason not to ignore IPv6, (Fri, May 17th)

Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the “quick fix”, as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only “sees” the proxy's IP address, unless it inspects headers added by the proxy, which will now point to (unreadable?) IPv6 addresses.


e-netprotections.su ?, (Fri, May 17th)

Like with .biz, I sometimes have the impression that .su and .cc could be sinkholed in their entirety, because the bad domains seem to vastly outnumber whatever (if any) good is running under these TLDs as well. Earlier today, ISC reader Michael contacted us with information that several PCs on his network had started to communicate with iestats.cc, emstats.su, ehistats.su, e-protections.su and a couple other domains.


Extracting signatures from Apple .apps, (Thu, May 16th)

As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected


CVE-2013-2094: Linux privilege escalation, (Tue, May 14th)

A vulnerability was discovered using fuzzing in Linux kernels 2.6.37 till 3.8.9. The vulnerability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems to be the case for quite a few Linux distributions


Microsoft May 2013 Black Tuesday Overview, (Tue, May 14th)

Overview of the May 2013 Microsoft patches and their status.

Table columns: # | Affected | Contra Indications – KB | Known Exploits | Microsoft rating (**) | ISC rating (*): clients, servers

MS13-037: The usual monthly MSIE cumulative patch, adding fixes for 11 more vulnerabilities. All but one are use-after-free vulnerabilities


Extracting Digital Signatures from Signed Malware, (Sat, May 11th)

Sometimes attackers digitally sign their malicious software. Examining properties of the signature helps malware analysts understand the context of the incident.


Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here:…

— John Bambenek bambenek at gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140, (Thu, May 9th)

—— Johannes B. Ullrich, Ph.D


"De Flashing" the ISC Web Site and Flash XSS issues, (Wed, May 8th)

You may have noticed that earlier today, I removed the Flash player that we use to play audio files on our site. The trigger for this was a report that the particular Flash player we use (an open source player usually used with WordPress) is susceptible to cross-site scripting [1][2]. Instead of upgrading to the newer (patched) version, we instead decided to remove the player. The other part of this is that pretty much all current browsers do have reasonable support for HTML 5 audio tags.


Are there any websites that are NOT compromised?, (Wed, May 8th)

Today was yet another day with lots of compromised websites, some notable, others less so.
