Channel: SANS Internet Storm Center, InfoCON: green

The Security Impact of HTTP Caching Headers, (Fri, Nov 15th)

Earlier this week, an update for MediaWiki fixed a bug in how it used caching headers [2]. The headers allowed authenticated content to be cached, which may lead to sessions being shared between...



PHP 5.5.6 Contain several bug fixes -...

----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Sagan as a Log Normalizer, (Sat, Nov 16th)

"Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine that run under *nix operating systems (Linux/FreeBSD/ OpenBSD/etc)."[1] Sagan is a log analysis...


ISC StormCast for Monday, November 18th 2013...


Am I Sending Traffic to a "Sinkhole"?, (Mon, Nov 18th)

It has become common practice to set up "Sinkholes" to capture traffic sent by infected hosts to command and control servers. These Sinkholes are usually established after a malicious domain name has...



Updated dumpdns.pl, (Tue, Nov 19th)

I exchanged some e-mail today with reader Curtis and as a result have fixed a typo and added some error checking to handle a problem that he was seeing (though I didn't, I suspect it has to do with...


vBulletin.com Compromise - Possible 0-day, (Tue, Nov 19th)

Earlier today, vBulletin.com was compromised. The group conducting the attack claims to have a 0-day available that enabled the attacker to execute shell commands on the server. The attacker posted...


ISC StormCast for Tuesday, November 19th 2013...


Winpmem - Mild mannered memory acquisition tool??, (Tue, Nov 19th)

There should be little argument that with today's threats you should always acquire a memory image when dealing with any type of malware.  Modern desktops can have 16 gigabytes of RAM or more filled...


Searching live memory on a running machine with winpmem, (Wed, Nov 20th)

Winpmem may appear to be a simple memory acquisition tool, but it is really much more. In yesterday's diary I gave a brief introduction to the tool and showed how you can use it to create a raw...


ISC StormCast for Wednesday, November 20th 2013...


"In the end it is all PEEKS and POKES.", (Thu, Nov 21st)

At SANS Hackfest Penetration Testing summit I had the pleasure of reminiscing with Jedi Master Ed Skoudis about assembly language on our old Commodore 64s.   Then Ed made one of his typical profound...


ISC StormCast for Thursday, November 21st 2013...



Are large scale Man in The Middle attacks underway?, (Thu, Nov 21st)

Renesys is reporting two separate incidents where they observed  traffic for 1500 IP blocks being diverted for extended periods of time.   They observed the traffic redirection for more than 2 months...


ISC StormCast for Friday, November 22nd 2013...



Microsoft Azure offline, (Thu, Nov 21st)

We are receiving reports of an Azure outage. This is affecting Microsoft DNS, XBOX and other services. Thanks to Nick and Steve for reporting the outage. More information is available here:...


Tales of Password Reuse, (Fri, Nov 22nd)

As a security practitioner I try really hard to drink the Kool-Aid, in other words practice what I preach.  I have been a strong advocate, for well over a decade, of avoiding password reuse.  There is...



This afternoon and over the weekend, we will experiment with a faster server...

------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Apple not updating OS X Mountain Lion?, (Fri, Nov 22nd)

Larry Seltzer over at ZDNet has noticed that since the release of OS X Mavericks Apple has stopped updating OS X Mountain Lion. Although Apple is not forthcoming with the reasons for this, it...


Planning for Failure, (Sat, Nov 23rd)

I have been witness to network and system security failure for nearly two decades.  While the players change and the tools and methods continue to evolve, it's usually the same story over and over:...
