Holey DNS!

July 16th, 2008

It’s been a while since I posted, but that doesn’t mean I haven’t been busy. Trends have been all over the map lately. It would take me weeks to catch the site up on everything that has been going on since my last post, so I’ll try to fill in the pieces as I can going forward.

That said, for now:

PATCH DNS NOW! There are rumblings of a potentially disastrous DNS cache poisoning vulnerability. We won’t know just how bad it is until Dan Kaminsky gives his presentation on Aug. 7th. If it’s a nasty one but the impact turns out to be negligible, then credit Kaminsky, CERT, Microsoft and the other vendors involved for the way the disclosure was handled and the patch release coordinated. Time will tell…

Spring patching

April 10th, 2008

April is a good month to take some time to get up to date on your patching. There was a healthy dose of Black Tuesday Microsoft patches (Microsoft/SANS), and the Flash exploit that was a prize winner in a recent hacking contest has been patched. There have also been recent updates to QuickTime (patch details), a bunch of Adobe products, and browsers other than Internet Explorer (Firefox/Opera/Safari). So free up some time this month, take a few minutes to review your installed applications, and make sure you’re up to date!

“3D Screensaver” spam

March 12th, 2008

Sunbelt Software has a good write-up on a recent spike in 3D screensaver spam. It’s a free screensaver that comes at a price. The malware has been tracked back to a re-emerging malware gang and is a gift that keeps on giving. It looks like Sunbelt is pursuing them hard, so kudos for their efforts. Always handle attachments and links in an e-mail message with extreme care. If you don’t know how to do that, check out page 12 of US-CERT’s Common Sense Guide to Cyber Security for Small Businesses or any of the other links in the Resources > Awareness & Education section.

March = Patch Office Month

March 11th, 2008

The latest dose of monthly medicine from Microsoft includes 4 critical patches for Microsoft Office. You can read the Microsoft details, or consult the SANS Internet Storm Center Handler’s Diary, which always provides a simplified view highlighting the most serious of the patches with its own ratings. Of this month’s releases, MS08-14 gets a SANS ISC rating of “Patch Now” due to active exploits in the wild.

If you haven’t done so already, I highly recommend configuring Windows auto-update (for XP and Vista).

FireWire burns a hole through locked workstations

March 6th, 2008

The Register, among others, reported the release of a tool that allows easy access to a locked workstation. The caveat is that it requires physical access to the Windows computer: the attack is carried out by connecting a Linux device to the Windows computer via FireWire. The vulnerability has been documented since 2006, but only recently was a tool released to simplify the exploit. As El Reg notes, one wouldn’t think this would be that difficult to repair, but Microsoft has yet to address it. We can argue semantics over whether FireWire itself or Microsoft’s implementation of FireWire is at fault, but that doesn’t do much to resolve the issue. Because it requires physical access, I can’t deem this a critical vulnerability, but physical computer security is often as neglected as electronic computer security, so it’s still worthy of note.

Raison d’être

March 5th, 2008

Another great contribution by SearchSecurity.com: Misconfigured networks create huge security risks. The article says it all in terms of why I’m trying to do what I’m trying to do with EyeIS; it is my reason for being.

PayPal bug squashed, but is it dead?

March 5th, 2008

CA has a nice write-up from last month (thanks for the tip, Brian) on a JSP vulnerability recently toyed with on the PayPal site. It’s a fine example of good disclosure: identifying a vulnerability, reporting it effectively, receiving prompt resolution and then documenting how it works in an informed and easy-to-read way. It’s also a scary little hole. If a money changer like PayPal had it and didn’t know about it, chances are others are vulnerable too. Who built your web site, and is it using JSP pages? I’ll keep my eyes peeled for any indicators of how broad this vulnerability may be, as I honestly am not sure how widely JSP pages are used these days.

Resources updated

February 29th, 2008

I finally got around to posting the first batch of links in the Resources section. There will be more to follow, as I hope for that section to be somewhat exhaustive.

I’m also happily accepting recommendations for links, so if there are any links I’ve missed that may be useful, feel free to comment or e-mail me (brad@eyeis.net).

Hello world!

February 26th, 2008

It’s 12:30 a.m. and we are officially online. So hello and welcome. We hope you find us a useful resource in the years to come.

We still have some work to do on the site, but things are coming along, so please excuse any wayward links or vacant space. Hopefully in the next week or two we’ll be able to get more content online. In the meantime, feel free to register via the link on the bottom right so you can comment and contribute to our dialog on the latest news and happenings in computer security.

Mining Google…

February 22nd, 2008

Cult of the Dead Cow (cDc, famous for the backdoor suite Back Orifice) enters the news again, this time bringing attention to the use of Google as a tool for reconnaissance and assessment with the release of Gulag. While this hacking technique isn’t new – Google Hacking has been well documented by the likes of Johnny Long (http://johnny.ihackstuff.com) – the press coverage is.

Some will be angry at a publicized release that simplifies a hacking technique, and some will be pleased. Personally, I’m a little torn. I applaud the intent of such a tool: it draws attention to a serious security concern and provides another useful method of assessing your network. And let’s face it, the bad guys are using this method already, so giving people a tool that makes it easier to see what is already known to the attackers is a good thing.

If I get around to checking it out any time soon, I’ll post an update.