Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog - Corrected: From the mailbag InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Corrected: From the mailbag

Published: 2005-01-30
Last Updated: 2005-01-31 15:00:42 UTC
by Jim Clausing (Version: 1)
0 comment(s)
Since today has been a pretty quiet day, I looked back through my mailbox at a few items that we haven't mentioned in recent diaries.


Defeating XP SP2 Heap Protection

There was some discussion earlier this week on several mailing lists about a new paper that describes a technique for evading one of the new buffer-overflow defenses introduced with SP2.

http://www.maxpatrol.com/defeating-xpsp2-heap-protection.htm


New squirrelmail release

A new version of squirrelmail was released which fixes a couple of vulnerabilities in the popular webmail package.

http://www.squirrelmail.org


Still no MS05-002 patch for Win98 (vulnerable to Hebolani?)

The MS05-002 bulletin said that patches for Win98, Win98SE, and WinME would follow at a later date. One of our readers, Erik, has reported that it does not appear that they have been released yet.


Port 6346 on the rise

Looking at the trends page ( http://isc.sans.org/trends.php ) and the port details ( http://isc.sans.org/port_details.php?port=6346 ), there seems to be a big jump in traffic on this port. We haven't heard of anything new attacking on this port, but given that this port is primarily used for P2P filesharing (a favorite target of bots and worms), we'll be keeping our eye on this one.



=============================

Jim Clausing, jclausing/at/isc.sans.org
Keywords:
0 comment(s)
Diary Archives