Microsoft released out-of-band updates targeting increased attacks using CVE-2010-0806, and other several vulnerabilities on IE8 as well.
These updates does not address the recent vulnerability used in pwn2own contest @ CanSecWest.
Wednesday, March 31, 2010
Materials, Octopus Interface 2010, Cooperation Against Cybercrime
Last week, representatives from governments, law enforcement authorities, international organizations, and the Internet industry gathered to discuss the “Cooperation Against Cybercrime” in Octopus Interface conference, here are the presentations.
Monday, March 29, 2010
Smartphone Security - Part 4
In CanSecWest Pwn2Own 2010, researchers were able to break in a fully patched IPhone using unknown Safari vulnerability, it took them 2 weeks to find the vulnerability and write the exploit and took them 20 seconds to hijack the entire SMS database and uploaded it to a server.
The researchers claim that they can also hijack the emails and photos using the same vulnerability.
Vulnerability details will be disclosed after releasing a patch by Apple, as per the press release.
Whatever the details of the vulnerability is, it is a fact that finding a vulnerability is not that difficult, and considering the growing market share of the smartphones, with more and more powerful hardware, the problem of smartphone security will be a big issue.
Wednesday, March 24, 2010
Open Source and Free security Tools
Top 75 Open Source Security Tools, and 26 Open Source Tools with commercial support, both lists worth checking.
check also:
Sunday, March 21, 2010
Finding Malware Using Cached DNS entries
This is an interesting way of checking your DNS cash for malicious domains, an easier method instead of examining the DNS server log. This might miss some domains with low TTL value, but still very handy.
After some trials on a small ISP DNS server, the short TTL is dominating Zeus domain (1 min on average) , so checks should be on-going, with DNS overheads in mind.
Another good idea is to add more sources of malicious domains, check my list.
Great idea with minimum overheads.
Wednesday, March 10, 2010
Mariposa, Game Over
After shutting down Mariposa, PandaLabs published some statistics on the infection rate per country, and it is really interesting that US and China are not on top, instead we are seeing several Arab countries in the top list, Egypt, Saudi Arabia, Morocco, and Emirates.
I compared the data from PandaLabs with the internet usage in each country, and came up with the infection percentage with reference to internet usage, then using ManyEyes, below is how it looks like, with almost 10% of internet users in Kazakhstan, Mexico and Emirates are infected.
Monday, March 8, 2010
Firewall Rules Scanner, Open Source
Flint is the name of the tool, it examines firewalls, and spots problems so you can:
- Clean up configuration
- Check if new rules will create problems
- Discover overly rules
Thursday, March 4, 2010
Botnet network behavior analysis lab
Here is a suggestion for building a botnet network behavior analysis lab based on netflow, DNS, Snort, proxy, and packet capture logs .
Notes:
- Vyatta vc6 alpha version supports netflow.
- Net:DNS:Nameserver can be configured to be a fake DNS.
- Malicious domains can be collected from some feeds in this list
- Other sources of malicious domains could be spamtraps, twitter timeline, ....
Monday, March 1, 2010
Subscribe to:
Posts (Atom)