Congratulations Brian Granier!

Published: 2007-09-28
Last Updated: 2007-09-28 20:58:16 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Our handler Brian Granier became this week the second student to graduate from the SANS Technology Institute!


0 comment(s)

Grey Friday?

Published: 2007-09-28
Last Updated: 2007-09-28 17:13:59 UTC
by Stephen Hall (Version: 2)
0 comment(s)

Just as the memories of this months Patch Tuesday faded into the past, Microsoft have announced an update to the advisory for MS07-042.

Microsoft have updated from Version 1.1 to Version 2.0 and it covers two issues

  • Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Expression Web as affected products.  
  • Potential reliability issue exists in applications that have installed Microsoft XML Core Services 4.0 on Windows Vista,     which can be addressed by applying the download available in Microsoft Knowledge Base Article 941833.

Edit ; We have received clarification from Microsoft that the update to MS07-042 has only changed the detection logic, and nothing more. Microsoft have also indicated that FIRST's comments originated from the initial Microsoft advisory.



0 comment(s)

Python script for packer identification

Published: 2007-09-28
Last Updated: 2007-09-28 03:21:11 UTC
by Jim Clausing (Version: 1)
0 comment(s)

In doing malware analysis, I like to have some idea of the packer being used. I like PEiD, but it is Windows only and isn't command-line so it is difficult to script. After I saw a posting about Ero Carrera's pefile, I decided he had already done the hard work, so I wrote (my first Python script) which uses a peid database like this one (updated 2007-09-28 02:30 UTC) or Neil's collection or this one from Panda. Mine includes a few additional signatures or changes that I've made recently. I've been in contact with Neil about getting them merged back into his and/or released with PEiD itself.  Until that happens, I'll be periodically updating mine, see the tools section of my handlers page.

0 comment(s)

Cyber Security Awareness Month - Daily Topics

Published: 2007-09-28
Last Updated: 2007-09-28 01:25:52 UTC
by Marcus Sachs (Version: 1)
0 comment(s)

October is Cyber Security Awareness Month and the Internet Storm Center is going to focus on one security awareness subject per day.  We plan to provide useful information for information security professionals who want to educate their users but do not have a ready set of awareness tips. 

We asked for your ideas and boy did you have some good ones. To all of our readers who sent in hundreds of ideas over the past two weeks, thanks very much!  It took a bit of work but I think we've got about 95% of the topic suggestions covered.  Below is the list of topics by week and day that we will use them in October.  As you'll see, the first week focuses on tips for getting the message out to your users.  Subsequent weeks focus on specific topics.

We need your help beginning this weekend and continuing through the month of October.  If you would like to submit a tip, please use our contact form and be sure to put something in the subject like "Security Tip, day 15" to make it easier for us to sort them.  Keep your tips brief and to the point, also remember that the audience is the end user, not your sysadmins or netops geeks.

1. Establishing a User Awareness Training Program
  1 Penetrating the "This Does Not Apply To Me" Attitude
  2 Multimedia Tools, Online Training, and Useful Websites
  3 Getting the Boss Involved
  4 Enabling the Road Warrior
  5 Social Engineering and Dumpster Diving Awareness
  6 Developing and Distributing Infosec Policies

2. Best Practices
  7 Host-based Firewalls and Filtering
  8 Anti-Virus, Anti-Spyware, and Other Protective Software
  9 Access Controls, Including Wireless, Modems, VPNs, and Physical Access
 10 Authentication Mechanisms (Passwords, Tokens, Biometrics, Kerberos, NTLM, Radius)
 11 File System Backups
 12 Managing and Understanding Logs on the Desktop or Laptop (AV, Firewall, or System Logs)
 13 Patching and Updates

3. Hardware/Software Lockdown
 14 Data Encryption
 15 Protecting Laptops
 16 Protecting Portable Media like USB Keys, iPods, PDAs, and Mobile Phones
 17 Windows XP/Vista Tips
 18 Mac Tips
 19 Linux Tips
 20 Software Authenticity (Digital Signatures, MD5, etc.)

4. Safe Internet Use
 21 Understanding Online Threats, Phishing, Fraud, Keystroke Loggers
 22 Detecting and Avoiding Bots and Zombies
 23 Using Browsers, SSL, Domain Names
 24 Using Email, PGP, X509 Certs, Attachments
 25 Using Instant Messaging and IRC
 26 Safe File Swapping
 27 Online Games and Virtual Worlds

5. Privacy and Protection of Intellectual Property
 28 Cookies
 29 Insider Threats
 30 Blogging and Social Networking
 31 Legal Awareness (Regulatory, Statutory, etc.)

Marcus H. Sachs
Director, SANS Internet Storm Center

0 comment(s)
Diary Archives