Quick plug: Netcat in the Hat
Over the past several months, a number of the handlers have written up security-based, "themed" challenges. This month, I wrote one entitled "Netcat in the Hat," a nod to every child's best friend, Dr. Seuss. (And trust me, having written the challenge in rhyme, I have a new-found respect for the good doctor...) You can find it here. Check it out and submit an answer!
DUNZIP32.dll Buffer Overflow
Full-Disclosure had an interesting note about IBM's Lotus Notes and a new buffer overflow. The vulnerability is due to a third-party DLL, DUNZIP32.dll. IBM has issued a patch for versions 6 and 7. Users of version 5 are advised not to open zip files within Lotus Notes. This exploit does allow an attacker to execute arbitrary code should you open a malicious zip file.
Many other software packages using old versions of DUNZIP32.dll are affected by this exploit.
Trojan.Mdropper.Q / Email Attachment Practices / Word 2000 0-day
Thanks to frequent reader Juha-Matti Laurio for sending us a note about Trojan.Mdropper.Q and the previously undiscovered Microsoft Word 2000 vulnerability that comes with it. Trojan.Mdropper.Q activates when a file containing it is opened, and then installs a backdoor on the machine. Fortunately, as with most Office vulnerabilities, a user has to actually open the file before the trojan can be activated. Generally my advice to users is not to open files that they are not expecting, even if they know the person that sent the file, but this one has made me curious: what do other system admins recommend to their users? Do you have a policy on email attachments? Is this policy automatically enforced?
Update #1
It appears Symantec has updated their site to include the size of the Trojan: 79,265 bytes. Happy Antivirus updating!
Update #2
Juha-Matti writes to tell us that Securiteam has posted an entry about this vulnerability on their blog. Check out their post here. McAfee is calling this one W32/MoFei.worm.dr, and has a writeup about the Trojan here. It is still unknown what vulnerability this is exploiting.
Update #3
Microsoft published some news about the "0-day" in MS Word here. They offer two pieces of advice.
1) Don't open Word files from people you don't know. (This goes back to not eating candy until your parents look at it at Halloween, and not opening the door for strangers.)
2) Use Word 'viewer'.
Of course Microsoft publishes great "Suggested Actions".
Protect your PC by enabling a firewall (which, btw, does not keep Word files out)
In fact one of Microsoft's suggested actions is: "Keep Windows Updated"... we'd love to. If there was a fix for the problem!
Let's hope they get it patched as soon as possible.
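On the question of automatically enforcing an attachment policy: the cheap part of such a policy is deciding by file extension, and the part that actually catches a renamed Word document or executable is looking at the first bytes of the attachment. The following is an added example written for this diary entry, not code from the original post or from any mail-gateway product. The extension lists, the three magic-byte signatures and the sample message are assumptions constructed for the example; adjust the tables to your own policy.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Magic bytes checked regardless of the file name the sender chose.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office binary (OLE2/CFB), e.g. .doc
ZIP_MAGIC = b"PK\x03\x04"
PE_MAGIC = b"MZ"                                  # Windows executable

# Policy tables are assumptions for this example, not the diary's or any vendor's list.
DENY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
OFFICE_BINARY_EXTENSIONS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pps"}


def classify_attachment(filename, data):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in DENY_EXTENSIONS:
        return "block", f"extension {ext} is on the deny list"
    if data.startswith(PE_MAGIC):
        return "block", "PE executable header, whatever the file name says"
    if data.startswith(OLE_MAGIC):
        if ext in OFFICE_BINARY_EXTENSIONS:
            return "quarantine", "binary Office document held for review"
        # Content and extension disagree: a .doc renamed to slip past extension filters.
        return "quarantine", f"OLE content disguised as {ext or 'a file with no extension'}"
    if data.startswith(ZIP_MAGIC):
        return "quarantine", "ZIP archive held for review"
    if ext in OFFICE_BINARY_EXTENSIONS:
        return "quarantine", "Office extension with unrecognised content"
    return "allow", "no policy match"


def evaluate_message(raw):
    """Classify every attachment of an RFC 822 message supplied as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        verdict, reason = classify_attachment(name, data)
        verdicts.append((name, verdict, reason))
    return verdicts


def build_sample_message():
    """Constructed test message: a .doc, an OLE file renamed .txt, a plain note and an .exe."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Please review"
    msg.set_content("See attached.")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    msg.add_attachment("Just a plain note.\n", filename="readme.txt")
    msg.add_attachment(PE_MAGIC + b"\x90" * 32, maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict, reason in evaluate_message(build_sample_message()):
        print(f"{verdict:10s} {name:15s} {reason}")
```

The point of the quarantine verdict for every binary Office document is the one this entry raises: until there is a patch, "known sender" tells you nothing about whether the file is safe, so the decision has to be made on content, not on who sent it.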
Internet Systems Consortium BIND Denial of Service Vulnerabilities
Internet Systems Consortium has stated there are a couple of vulnerabilities in BIND (the DNS server) that can be exploited to cause a DoS.
SIG Query Processing (CVE-2006-4095):
1) An assertion error within the processing of SIG queries can be exploited to crash either a recursive server when more than one SIG(covered) Resource Record set (RRset) is returned, or an authoritative server serving an RFC 2535 DNSSEC zone where there are multiple SIG(covered) RRsets.
Excessive Recursive Queries INSIST failure (CVE-2006-4096):
2) An error within the handling of multiple recursive queries can be exploited to trigger an INSIST failure by causing the response to the query to arrive after all clients looking for the response have left the recursion queue.
So ensure you are patched to the current version: BIND 9.3.3rc2, BIND 9.3.2-P1, BIND 9.2.7rc1, or BIND 9.2.6-P1.
Updates are available here.
As of this time we have not received any information on an exploit for either vulnerability.
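Since the fix is spread over four releases on two branches, "are we patched?" needs a comparison that understands BIND's rc and -P suffixes: 9.3.2-P1 is newer than 9.3.2, but 9.3.3rc1 is older than the listed 9.3.3rc2. The following is an added example, not code from the diary or from ISC; it encodes only the four fixed versions named above. It treats later point releases on the same branch as fixed and any branch not named in the advisory as unknown; both of those are assumptions stated in the comments. Feed it the string printed by `named -v` (or returned by a `version.bind` CHAOS TXT query, where the operator has not hidden it).

```python
import re

# Fixed releases listed in the ISC advisory for CVE-2006-4095 / CVE-2006-4096,
# encoded as (major, minor, patch, stage_rank, stage_num, p_level).
# stage_rank orders a < b < rc < final release; p_level counts the "-Pn" suffix.
STAGE_RANK = {"a": 0, "b": 1, "rc": 2, None: 3}
FIXED_FLOORS = [
    (9, 2, 6, 3, 0, 1),   # BIND 9.2.6-P1
    (9, 2, 7, 2, 1, 0),   # BIND 9.2.7rc1
    (9, 3, 2, 3, 0, 1),   # BIND 9.3.2-P1
    (9, 3, 3, 2, 2, 0),   # BIND 9.3.3rc2
]

VERSION_RE = re.compile(
    r"^(?:BIND\s+)?(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?(?:-P(\d+))?\b"
)


def parse_version(text):
    """Turn 'BIND 9.3.2-P1' (the form printed by `named -v`) into a comparable tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised BIND version string: {text!r}")
    major, minor, patch, stage, stage_num, plevel = m.groups()
    return (int(major), int(minor), int(patch),
            STAGE_RANK[stage], int(stage_num or 0), int(plevel or 0))


def assess(text):
    """Return 'fixed', 'vulnerable' or 'unknown' for a BIND version string."""
    v = parse_version(text)
    floors = [f for f in FIXED_FLOORS if f[:2] == v[:2]]
    if not floors:
        return "unknown"      # branch not covered by the advisory text (e.g. 9.4 alphas)
    same_patch = [f for f in floors if f[2] == v[2]]
    if same_patch:
        # Same x.y.z as a listed fix: the rc number or -P level decides.
        return "fixed" if v >= same_patch[0] else "vulnerable"
    if v[2] > max(f[2] for f in floors):
        return "fixed"        # assumption: later point releases on the branch carry the fix
    return "vulnerable"       # older than every fixed release on this branch


if __name__ == "__main__":
    # Constructed sample strings, as `named -v` would print them.
    for sample in ("BIND 9.3.2", "BIND 9.3.2-P1", "BIND 9.3.3rc1", "BIND 9.2.7rc1", "BIND 9.4.0a6"):
        print(f"{sample:16s} {assess(sample)}")
```

A server that answers "unknown" still needs a human look: the diary lists only the 9.2 and 9.3 fixes, so anything else has to be checked against ISC's own release notes rather than guessed from a version number.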
Updated Packet Attack flash animation
I updated the "Packet Attack" flash animation. It wasn't updating correctly and I added some hints on how to include it in your own page. You also have the choice between two different map images.
The animation shows a geographical representation of all reports received during the last 5 minutes.
(Thanks to Morgan Grant for helping with the update!)
Keywords: flash iscinternal