Archive for the ‘Awareness’ Category

Virus Detected?

Thursday, May 14th, 2009

If you're running antivirus software and you see the dreaded virus detection notice, take heed and be paranoid. Many drive-by infections will throw a host of exploits at a possible victim in their attempts to optimize the ratio of "visitors" and successful infections. With malware variants, polymorphism and obfuscation, antivirus ...

April Fool’s… Is the Joke on Us?

Monday, March 30th, 2009

Conficker, aka Downadup, is a worm that grew to prominence thanks to the vulnerability patched in MS08-067 last October. It's getting widespread popularity in the media these days and deservedly so; a large botnet is always a source of concern and I wish the media paid more attention to the ...

Width-In-Defense

Thursday, March 26th, 2009

Depth in defense is always a priority in securing an environment. For the novice, the notion is that the more layers of defense you have in place the more likely you'll be able to detect the bad guys and their malicious code. The typical analogy is that of a fortified ...

Fake A/V Scamware

Saturday, January 31st, 2009

I've been tracking the rash of fake A/V scamware since last fall and while most of these are probably out of commission, the list below provides a glimpse into the creative (or lack thereof) domain names that are popping up daily. I've not had a chance to cross-reference this list ...

“3D Screensaver” spam

Wednesday, March 12th, 2008

Sunbelt Software has a good write-up on a recent spike in 3D screensaver spam. It's a free screensaver that comes at a price. The malware has been tracked back to a re-emerging malware gang and is a gift that keeps on giving. Looks like Sunbelt is pursuing them ...

Firewire burns a hole through locked workstations

Thursday, March 6th, 2008

The Register, among others, reported the release of a tool that allows easy access to a locked workstation. The caveat is that it requires physical access to the Windows computer and is executed by connecting a Linux device to a Windows computer via FireWire. The vulnerability has been documented since ...

PayPal bug squashed, but is it dead?

Wednesday, March 5th, 2008

CA has a nice write-up from last month (thanks for the tip, Brian) on a JSP vulnerability recently toyed with on the PayPal site. It's a fine example of good disclosure: identifying a vulnerability, reporting it effectively, receiving prompt resolution and then documenting how it works in an informed and ...

Mining google…

Friday, February 22nd, 2008

Cult of the Dead Cow (cDc, famous for the backdoor suite Back Orifice) is in the news again, this time bringing attention to the use of Google as a tool for reconnaissance and assessment with the release of Gulag. While this hacking technique isn't new - Google Hacking has been well documented by ...

Hard disk encryption not so secure?

Friday, February 22nd, 2008

Well, well, well. It will be interesting to see whether businesses will be backing away from desktop encryption. While the hard work of the folks at Princeton University showed nothing is impenetrable, disk based encryption methods can still provide a level of security that surpasses unencrypted filesystems. There is no ...

A beginning…a prediction

Saturday, February 16th, 2008

SANS was all over this right after Christmas. I'm glad to see it getting a bit more press and must admit that Deborah Gage's write-up lacks the confusion we typically see in the media reporting of incidents. (Although I guess the media confusion applies to all subject matter.) If an ...