Net Manager
Network Managing, Engineering and Administration with an eye toward security.
Best practices meets the real world!
Author: David (http://www.blogger.com/profile/04657584582034899962)
Feed last updated: 2024-02-20

Symantec UPX Parsing Engine Heap Overflow (posted 2005-02-16)
I hope nobody is in the same shape that I'm in. I've been behind in getting Symantec AV 9.0.0 installed and found a break during a conversion to get it rolled out to the clients. For reference it's not required, but I imagine in the future it will be. Then, the day that I'm finishing the last of just under 400 users, this comes out: Symantec UPX Parsing Engine Heap Overflow. You guessed it

Microsoft Security Patches (posted 2005-02-16)
Microsoft has been quiet for a while, and now in February they release 13 patches, with 8 of them critical. SANS Internet Storm Center has a great wrapup of the bulletins, and an order to patch them in.
They are up to all their usual tricks, including a stealth patch, and the number of vulnerabilities isn't 13, but at least 17. I read in their blog that they had to put out something like

The Weakest Link (posted 2005-02-02)
Ran across this on Bruce Schneier's site and got a laugh out of it. Schneier on Security: The Weakest Link. Make sure you look at the picture.

Three major Cisco vulnerabilities (posted 2005-01-27)
Cisco has released fixes for three new vulnerabilities. The three are BGP, MPLS, and IPv6 related. All three vulnerabilities cause reloads of the IOS, which makes them pretty severe issues.
So far, the worst one appears to be the Misformed BGP Packet Causes Reload problem. A malformed packet can cause a reboot of the IOS, which, used repeatedly, can be a DoS issue. This can be mitigated somewhat

Linux -vs- Windows, an age old argument (posted 2005-01-26)
I've been doing some investigation lately into the security aspects of Linux, BSD, Solaris, and Windows. Before I go too much further let me just say that all of them have their merits, and to a large degree any of them can be configured securely.
One of the things I've been looking at is the number of vulnerabilities that a product has and the severity of the vulnerabilities. What exactly have

Microsoft Security Bulletins (3) (posted 2005-01-11, updated 2005-01-13)
Microsoft has released three new security bulletins. They include three remote code execution holes.
The first notice, MS05-001, is a cross domain vulnerability (CAN-2004-1043) affecting Internet Explorer 6. It affects Windows 2000, XP (including SP2), Windows Server 2003, and Windows 98/ME (Note: a default install of Windows Server 2003 is not vulnerable, only if you turned off IE's restricted mode

Linux Kernel Local Privilege Elevation (posted 2005-01-08, updated 2005-01-10)
This is a local privilege escalation flaw that requires local access to the server in order to exploit the flaw.
This flaw is present in both the 2.4 kernel and the 2.6 kernel. All 2.4 releases through 2.4.29-pre3 are vulnerable, and all releases of the 2.6 kernel through 2.6.10 are also vulnerable.
A flaw in the binary format loader layer allows a local exploit through the uselib() functions

Vulnerability Scanning (posted 2005-01-07)
We've been talking about this lately at work, so it's a good subject to start with.
We're all probably familiar with the 'Penetration Test' that scans external access to a network to see what vulnerabilities exist. What I'm referring to is an internal scan to see what vulnerabilities exist. Running an internal vulnerability scan can get into a debate, mostly about the differences between

Out with the old and in with the new (posted 2005-01-01, updated 2005-01-04)
I didn't have a great 2004, but now that it's behind us, maybe 2005 will be better. At least I'm keeping a positive outlook.
I've decided to try and work on this blog a bit more, especially with regards to both adding comments in to the stories that I've been reading / exploring on the net, but also adding in some of the research that I so often do (and don't post about). It means a bit more

Cisco, say it isn't so! (posted 2004-05-17)
There have been several rumors and news stories about how Cisco's IOS code was stolen by a group of Russian hackers. According to this cnet news article, cisco investigates source code leak, they acknowledge that an investigation is underway, and that it looks like their code that was posted to a Russian security web site. According to a Security Lab article, it looks like 12.3 and 12.3t were

Blogger Update (posted 2004-05-11)
Blogger was updated recently, and I'm impressed with the changes, though I'd *love* to be able to post images, even if there's some limitation on it. Since blogger now allows comments, I'm switching over to the Blogger comments (as soon as I figure out how to :).
Update: Seems that the comments will only work on new postings. Since I didn't have that many comments previously, I guess they

Viruses and Worms (posted 2004-05-06)
Most network security sites that I've been to during the last two days have reduced their overall security status to either a level 2 or level 1, since Sasser is well documented and the threat has reduced. I've also seen some comments about the potential combining of Sasser and the Phatbot worm/virus. That's a scary thought. Joe Stewart of LURHQ has a nice writeup of the Phatbot worm/virus

Sasser Worm (posted 2004-05-03)
The Sasser worm is now in the wild, with A, B and C variants already documented and reports of a D variant waiting in the wings. SANS's Internet Storm Center is all over this one. They've updated their infocon to Yellow, Symantec is at a 3, ISS is at either a 2 or 3, and many virus vendors are following this one as well. The folks over at F-Secure have a nice Weblog in which they document some

Memphis (posted 2004-04-30)
Well, I had a business trip this week and got to see the home of the King (Elvis), Beale St., and the Mississippi river. From what folks told me, it's changed, but it seems to be a nice place. Boy do they know how to eat over there. We went to the Rendezvous Restaurant and had their famous ribs.
The joke of the trip was that one person kept talking about going to Huey's and having their

Downtime (posted 2004-04-24)
Sorry about the down time lately. I haven't been updating this for a while, and it's not that I haven't wanted to, it's more about two issues. The first is how much I should be doing this at work, and the second is the time that I have to do this. I do have some time at work (like lunch, and in the mornings, and late in the day) to be able to hammer out a post (less than 5 minutes), but I

CEO: Take a hands on approach to data security (posted 2004-04-12)
This is almost funny. In an article in the Washington Post entitled "A Need for Greater Cybersecurity" it says that an 'industry task force' says that CEOs should assume 'direct responsibility' for securing their networks. These are the same folks that seem to bring viruses and worms in on their infected laptops, or is that only in my company :-)
I think what they were trying to say here

Microsoft and the EU (posted 2004-03-24)
I was going to link to the eWeek article, or the cNet article, but (sigh) neither had a link to the actual documents that the EU released. Seems only GrokLaw's article, The EU Commission's Microsoft Decision, has a link to the article itself and the real details of the decision. I do have to admire Microsoft for coming out with the "Why this will destroy our IP!" argument. Most folks will never

Look out for the backspin (posted 2004-03-23)
I liked this analogy that Mark Gibbs put out in his Backspin column: Affording monoculture. We need to embrace the differences and not let them become something to see as problems. Interesting analogy!

DOJ Report on Phishing (posted 2004-03-16)
There is a nice report over at anti-phishing.org on handling Phishing scams. It appears to be a nice writeup from the DOJ: Special Report on Phishing (PDF).

BayStar back in the spotlight (posted 2004-03-11)
Here's another GrokLaw piece regarding the BayStar connection: Business Week: MS Did Ask BayStar If They'd Like to Invest in SCO. Seems that 'senior executives' at Microsoft told the managing partner of BayStar that he might be interested in investing in SCO. A Microsoft spokesman says that there is no "direct or indirect" relation with BayStar.
Draw your own conclusions after reading all the

BOFH (posted 2004-03-09)
This article over at the Register reminded me a lot of the SCO fiasco: BOFH: Protecting bodily waste in the public domain.

A peek at script kiddie culture (posted 2004-03-05)
Here's a nice article over at NewsForge about getting A peek at script kiddie culture. There are some telling comments in there, but one very interesting admission: the DCOM exploit was being used in the wild for a while before it was patched. Despite what he says about agreeing with MS that the script kiddies pick this up afterwards, this does show that they do use things that aren't released

Wow, what a week for SCO (posted 2004-03-05)
It's getting hard to keep up with the SCO news! First they sue AutoZone, then they sue Daimler-Chrysler on the same day that they report more losses in a quarterly financial report. Then ESR comes out with "the memo" detailing how Microsoft is funneling money into SCO through other companies. Then we find out that the Judge tells IBM to give them the basic AIX files, but SCO has 45 days to

Netcraft: Spam's Tenth Birthday Today (posted 2004-03-05)
Here's a real nice article regarding the birth of Spam: Netcraft: Spam's Tenth Birthday Today.
It goes through the rise of Spam to its current form from its simple beginnings as a usenet posting.

The end is nearer (posted 2004-02-06)
To paraphrase Winston Churchill: This is not the end, this is the beginning of the end. Groklaw has a nice series of articles on the latest hearing in the SCO lawsuit. The headlines read that SCO ups damages to 5 billion, but the real headline is that SCO is dropping the "heart" of its case, the contract dispute. They are back with the "millions" of lines of code in the press, but in court