zeroday

I am a former corporate hacker (eEye, @stake, and Symantec) turned student.


  Storm Botnet Celebrates Birthday With Fireworks, (Fri, Jul 4th)

I read about MX Logic's prediction this morning (www.computerworld.com/action/article.do) that we should expect another wave of Storm Bot recruitment emails likely using the US Independence Day holiday as a lure. This group behind the Storm Botnet has always been conscious of timing and shortly after 5pm Eastern time I began...

  CitySec Updates And Now More Ways To Stalk Us!

STLSec. Shawn @ Agurasec yelled at me for not letting everyone know that St. Louis has an active CitySec meetup: The next STLSec is July 10 @ the Fox and Hound. Be there or be square. We had a great crowd our second time out, about 15-20 folks, roughly the same as the first one, with a [...]

  Ruby for Pentesters #1: Use Modules For Lists Of Constants

Almost 2 years ago, Dino declared Python to be the “lingua-franca of over-the-hill hackers”, boldly asserting that 5 out of 6 security hackers under the age of 30 preferred Ruby instead. Being 30 at the time, I was an easy psychological target for this argument. I made the switch and haven’t regretted it....

  Random Stupidity in the Name of Terrorism

An air traveller in Canada is first told by an airline employee that it is "illegal" to say certain words, and then that if she raised a fuss she would be falsely accused: When we boarded a little later, I asked for the ninny's name. He refused and hissed, "If you make a scene, I'll call the pilot and you...

  Browser Insecurity

This excellent paper measures insecurity in the global population of browsers, using Google's web server logs. Why is this important? Because browsers are an increasingly popular attack vector. The results aren't good. ...at least 45.2%, or 637 million users, were not using the most secure Web browser version on any working...

  New Opera v9.51 fixes couple of security issues, (Thu, Jul 3rd)

A new version of Opera (v9.51) has been released. It fixes a couple of security vulnerabilities and some stability issues. One of the fixed issues includes arbitrary code execution but the exploit has not been published yet.

  Detecting scripts in ASF files (part 2), (Thu, Jul 3rd)

Back in April, I wrote a diary about an interesting ASF file that had a script stream included (http://isc.sans.org/diary.html?storyid=4355). The script stream caused Windows Media Player to use Internet Explorer to retrieve content from a URL embedded in the script. As you can probably already guess, the URL led to a web...

  PCI-DSS v1.1 and OWASP Top 10

Today Jeremiah Grossman posted that the PCI-DSS 1.1 uses the OWASP Top 10 from 2004. This was picked up by Nathan McFeters over on the Zero Day blog... I wasn't aware that this was really a newsworthy issue. There...

  Another little script I threw together, (Wed, Jul 2nd)

For the day job, I sometimes need to gather info about an IP address that is being used to launch attacks. I normally query several different whois servers to find this info. Being the lazy individual that I am (and because I'm pretty comfortable in Perl), I wrote a little Perl script (using a couple of nice packages that...

  The scoop on the spike in UDP port 7 traffic, (Wed, Jul 2nd)

As I mentioned during my last shift, one of the first things I look at when I start my shift is our trends graph. When my shift began 20 hours ago, I noticed that huge spike in traffic on port 7 (and when looking at the ASCII data, noted that it was 100% UDP). For those of you who don't remember, port 7 is the old echo...

  