Do Firewalls make sense?, (Thu, May 17th)
Once in a while, someone comes up with the idea that firewalls are really not all that necessary. Most recently, Roger Grimes of Infoworld [1][2]. I am usually of the opinion that we definitely...
View ArticleNew IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos,...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC Feature of the Week: Tools->Information Gathering, (Thu, May 17th)
Overview One of the sections on the ISC Tools page is Information Gathering at https://isc.sans.edu/tools/#info-gathering. This collection will help you easily find out how your browser and plugins...
View ArticleISC StormCast for Friday, May 18th 2012...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleZTE Score M Android Phone backdoor, (Fri, May 18th)
The ZTE Score M phone, apparently available via Metro PCS in the US, comes with a special suid backdoor. The backdoor for a change does not use a fixed secret root password. But instead, the suid...
View ArticlePHP 5.4 Remote Exploit PoC in the wild, (Sat, May 19th)
There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which...
View ArticleDNS ANY Request Cannon - Need More Packets, (Mon, May 21st)
We have a report from our reader Tuukka, who observed a flood of DNS ANY requests from likely spoofed IP addresses. What we know so far is that it seems to be a DNS Reflective Amplification Attack....
View ArticleWe updated our SSL certificate. Also note that we are deprecating various...
------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View Articlenmap 6 released, (Tue, May 22nd)
nmap 6 was released earlier today, which is a major upgrade to the old version of nmap. One feature that excites me in particular is full IPv6 support, including OS fingerprinting. In order to...
View ArticleISC StormCast for Tuesday, May 22nd 2012...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleThe "Do Not Track" header, (Tue, May 22nd)
A recent proposal, supported by many current web browsers, suggests the addition of a Do Not Track (DNT) header to HTTP requests [1]. If a browser sends this header with a value of 1, it indicates that...
View ArticleWhen factors collapse and two factor authentication becomes one. , (Tue, May...
The benefits of two factor authentication are pretty much Security 101 material. And we are also told, that two factors are more then password 1 and password 2. RSA for example, one of the leaders of...
View ArticleISC StormCast for Wednesday, May 23rd 2012...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleProblems with MS12-035 affecting XP, SBS and Windows 2003?, (Wed, May 23rd)
There is a fair amount of chatter in Microsoft forums regarding problems cause by recent Microsoft patches. [1][2][3][4] From what Ican gather users are repeatedly being prompted to reinstall 3 older...
View ArticleIP Fragmentation Attacks, (Wed, May 23rd)
Using overlapping IP fragmentation to avoid detection by an IDS has been around for a long time. We know how to solve this problem. The best option in my opinion is to use a tool such as OpenBSD's pf...
View ArticleIt's Phishing Season! In fact, it's ALWAYS Phishing Season!, (Wed, May 30th)
It's always great to hear from our readers, we just got this note in from Tom on a phish that he recently encountered: One of my followers on Twitter (whose account was likely hacked or fell victim to...
View ArticleISC StormCast for Thursday, May 31st 2012...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleSCADA@Home: Your health is no secret no more!, (Thu, May 31st)
One of my interest recently has been what I call SCADA@Home. I use this term to refer to all the Internet connected devices we surround ourself with. Some may also call it the Internet of devices. In...
View ArticleWhy Flame is Lame, (Thu, May 31st)
We have gotten a number of submissions asking about Flame, the malware that was spotted targeting systems in a number of arab countries. According to existing write-ups, the malware is about 20 MB in...
View ArticleNASA Man-in-the-Middle Attack: Why you should use proper SSL Certificates,...
A posting to pastebin, by a group that calls itself Cyber Warrior Team from Iran, claims to have breached a NASA website via a Man in the Middle attack. The announcement is a bit hard to read due to...
View Article