Twitter
LinkedIn
RSS

Posts Tagged ‘diary-archives’


New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th)

—— Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center.

Read More...

Looking for malicious traffic in electrical SCADA networks – part 1, (Tue, Apr 15th)

When infosec guys are performing intrusion detection, they usually look for attacks like portscans, buffer overflows and specific exploit signature. For example, remember OpenSSL heartbleed vulnerability ?

Read More...

VMWare Advisory VMSA-2014-0004 – Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html, (Tue, Apr 15th)

Richard Porter — ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read More...

INFOCon Green: Heartbleed – on the mend, (Mon, Apr 14th)

We are going back to INFOCon Green today.

Read More...

Reverse Heartbleed Testing, (Sun, Apr 13th)

I wanted to know if the tools/software I execute regularly are vulnerable to scraping my system memory.  Now the reverse heartbleed scenario is very possible, but the likelihood seems to be much more of a non-issue.   Seeing is still believing in my book

Read More...

VMware Security Advisories / Patches released for 2 issues (NOT Heartbleed) – http://www.vmware.com/security/advisories/VMSA-2014-0003.html and…

=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center.

Read More...

How to talk to your kids about "Heartbleed", (Fri, Apr 11th)

With more mass-media attention to the heartbleed bug, we are getting more questions from “normal users” about the heartbleed bug. The “Heartbleed” bug is not affecting end users using Windows. It does not affect standard Windows browsers (Internet Explorer, Firefox, Chrome)

Read More...

All things not Heartbleed, (Thu, Apr 10th)

We were talking yesterday that with the Heart Bleeds issue front and center, what about the “everything else” factor? With everyone so focused on this one issue, coupled with the knowledge that *lots* of folks still have XP and in the all the OpenSSL excitement might not have patched.  In particular, the horde of XP machines we call ATMs would be a particularly good target this week (or any other week until they get updated really).  So please folks, let's do what we can on the OpenSSL side, but keep the needed focus on other areas too! Mark's story yesterday on OpenSSL “check” sites makes the great point that these sites can be collecting information as well as giving you info.  Keep in mind that we expect to see some bogus sites pop up to – I'd expect to see some fake check sites distributing malware if we don't see them already How about SSL and other site issues that aren't vulnerable to Heartbleed

Read More...

Heartbleed vendor notifications, (Wed, Apr 9th)

As people are running around having an entertaining day we thought it might be a good idea to keep track of the various vendor notifications.   I'd like to start a list here and either via comments or sending it let us know of vendor notifications relating to this issue.   Please provide comments to the original article relating to the vulnerability itself,  and use this post to only provide links to vendor notifications rather than articles etc about the issue.

Read More...

Security Updates available for Adobe Flash Player – http://helpx.adobe.com/security/products/flash-player/apsb14-09.html, (Tue, Apr 8th)

— Rick Wanner – rwanner at isc dot sans dot org – http://namedeplume.blogspot.com/ – Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read More...