Critical OpenSSL Patch Available. Patch Now!, (Thu, Jun 5th)
[Webcast Correction] Important correction to the webcast. The MITM attack does not just affect DTLS. It does affect TLS (TCP) as well. Quick Q&A Summary from the webcast: - The MITM vulnerablity...
View ArticleMore Details Regarding CVE-2014-0195 (DTLS arbitrary code execution), (Thu,...
HP's Zero Day Initiative released a few more details about this bug explaining the nature of the problem. It is actually remarkably similar to some of the IP fragmentation bug we have see in the past....
View ArticleUpdated OpenSSL Patch Presentation, (Thu, Jun 5th)
I recorded an updated Internet Storm Center Briefing for today's OpenSSL patches. It corrects a couple of mistakes from this afternoon's live presentation and adds additional details to CVE-2014-0195....
View ArticleISC StormCast for Friday, June 6th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft June Patch Tuesday Advance Notification, (Fri, Jun 6th)
Microsoft is expecting to release 2 critical and 5 important bulletins on Tuesday [1]. There are no patches scheduled for Windows XP even though CVE-2014-1770 does affect Internet Explorer 8, which is...
View ArticleClik here to view.
efax Spam Containing Malware, (Sun, Jun 8th)
Beware of efax that may come to your email inbox. This week I receive my first efax spam with a source address of "Fax Message [message@inbound.efax.com]" which contained a link to www.dropbox.com that...
View ArticleISC StormCast for Monday, June 9th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Tuesday, June 10th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft Patch Tuesday June 2014, (Tue, Jun 10th)
Overview of the Jun 2014 Microsoft patches and their status. # Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*) clients servers MS14-030 Vulnerability in Remote...
View ArticleMozilla Patches - Firefox to 30, ESR to 24.6, Thunderbird to 24.6. See...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleAdobe Fl(u|a)sh Patches:...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleSampling Bias, (Tue, Jun 10th)
Today, I was researching a rather complex subject, and it brought me to dozens of web sites to catch up on the latest techie clue. And what felt like half of the web pages popped up that obnoxious Â...
View ArticleGimme your keys!, (Wed, Jun 11th)
It doesn't take a lot of security savvy to realize that private keys used for things like SSH login probably should not be stored in the webroot of a web server. The physical world equivalent would be...
View ArticleHelp your pilot fly!, (Wed, Jun 11th)
What the Federal Aviation Administration (FAA) calls "novel and unusual" apparently entails some sort of direct network connectivity between the avionics (think: cockpit) and the passenger...
View ArticlePay attention to Cryptowall!, (Wed, Jun 11th)
CryptoLocker might be pretty much off the radar. But Cryptowall is alive and kicking, and making the bad guys a ton of money. It mainly spreads by poisoned advertisements and hacked benign websites,...
View ArticleISC StormCast for Wednesday, June 11th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Thursday, June 12th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleBIND Security Update for CVE-2014-3859, (Thu, Jun 12th)
BIND has released a security update (CVE-2014-3859) for versions 9.10.0-p2, 9.9.5-p1, 9.8.7-p1. The update is available for download here. [1]...
View ArticleVMware Address OpenSSL Security Vulnerabilities for ESXi 5.5 prior to...
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMetasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS...
The latest release of Metasploit released today includes a module to ease exploitation of CVE-2014-0195. This vulnerability in the DTLS implementation of OpenSSL was patch last week and didn't get the...
View Article