SANS Internet Storm Center (ISC) Diary
Good Morning 2007
Well, 2007 has finally made it to almost all of the world. (Only about four time zones are left to cross midnight as I write this.)  It is now time for you to send your annual membership renewal to the ISC.  If you act now, we will slash our usual price by 50%, so send your checks for $0.00 USD in care of Marc Sachs. :-)

Enough joking around.  A few things to mention to start out the first work day of the year.  I know that many of you have already mitigated these issues, but I suspect many of you were in the same situation as I was, taking vacation time before the end of the calendar year.  So take heed: there are a few items that need to be addressed along with the normal Microsoft monthly updates and any other updates that may have been overlooked during the winter holiday season.

1) In November, Bojan discussed a WinZip vulnerability that was being addressed by an update. Exploit writers have not rested over the holiday break, and milw0rm has released exploit code for this vulnerability.  Public exploit code means attackers no longer need to develop their own, so the window before it shows up in mass attacks is short.  WinZip users are advised to update to 10.0 build 7245 or version 11 as soon as possible; the installed version and build number are shown in WinZip's About dialog.  (Thanks, Juha-Matti, for that note.)

2) As a reminder, Symantec Client Security and Symantec AntiVirus Corporate Edition customers should continue to make updating their managed hosts a priority.  From the data I have seen at DShield, network activity against the port used by the vulnerable service is still elevated, and I would expect it to spike, perhaps to its highest level yet, as infected mobile users return to corporate networks and university campuses.  Watching for internal hosts scanning that port is a good way to spot the returning laptops early.  Unmanaged SAV-CE/SCS clients are not vulnerable to the issue in question, but should be updated as well.  Joel discussed the "SAV botnet" in late November as well.

3) If you haven't updated your antivirus signatures on both mail gateways and client systems, or even considered stripping executable content from email, then get to it.  This should have been common practice many years ago, yet some organizations are still not doing it.  Signatures lag each new variant by hours; stripping by attachment type catches the variant before a signature exists.  I would hope that defense in depth will protect your organization from your click-happy users, but it is best to check and make sure that the configurations on your mail exchangers, IDS and antivirus products are rock solid.  There are a number of diary entries from the past week about the recent postcard.exe virus.
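The control in item 3, stripping executable content at the mail gateway, as an added example in Python. This is not code from the diary or from any mail product it mentions; the extension list, the sample message and its fake postcard.exe are constructed here for illustration. Parts are caught both by filename extension (including double extensions such as card.jpg.exe) and, for non-text parts, by the "MZ" magic bytes of a Windows executable, so a renamed .exe does not slip through:

```python
"""Strip executable attachments at the mail gateway.

Added example, not code from the ISC diary or any product it mentions. Every
MIME leaf part is checked by filename extension (catches postcard.exe and
double extensions such as card.jpg.exe) and, for non-text parts, by the 'MZ'
magic bytes of a Windows executable, so a renamed .exe is caught too. The
extension list and the sample message are assumptions constructed here.
"""
import email
import email.policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click (assumed list; tune per site).
EXEC_EXTENSIONS = (
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".cpl", ".msi", ".dll",
)
PE_MAGIC = b"MZ"  # DOS/PE header signature at offset 0 of Windows executables


def is_executable(part) -> bool:
    """True if a non-multipart MIME part looks like a Windows executable."""
    name = (part.get_filename() or "").lower()
    if name.endswith(EXEC_EXTENSIONS):
        return True
    if part.get_content_maintype() == "text":
        return False  # a text body that happens to start with "MZ" is not a program
    payload = part.get_payload(decode=True) or b""
    return payload[:2] == PE_MAGIC


def strip_executables(raw: bytes):
    """Parse raw message bytes; replace each executable part with a notice.

    Returns (cleaned EmailMessage, list of removed attachment names).
    """
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart() or not is_executable(part):
            continue
        name = part.get_filename() or "(unnamed)"
        removed.append(name)
        # set_content() clears the old Content-* headers (type, disposition,
        # transfer-encoding) and the binary body, leaving a text/plain notice.
        part.set_content(f"[attachment '{name}' removed by mail gateway policy]")
    return msg, removed


def build_sample() -> bytes:
    """Constructed sample: greeting, fake postcard.exe, renamed executable, harmless image."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "You have received a postcard!"
    msg.set_content("Open the attached card to view your greeting.")
    fake_pe = PE_MAGIC + b"\x90" * 62 + b"PE\x00\x00"  # header bytes only, not a real program
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="postcard.exe")
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="card.dat")  # .exe renamed to dodge extension filters
    msg.add_attachment(b"\xff\xd8\xff\xe0 (not a real JPEG)", maintype="image",
                       subtype="jpeg", filename="beach.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample())
    print("removed:", removed)
    print(cleaned.as_string())
```

Two caveats for a production gateway: this does not open archives, so a postcard.exe inside a .zip passes and needs a separate archive-inspection step, and the stripped part should be quarantined rather than discarded so there is a sample to examine during an incident.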

Update 1:

4)  InfoSec practitioners understand the importance of accurate time and date settings when it comes to forensics: log entries from different systems can only be correlated if their clocks agree.  So while you are updating your computers, take the time to check the time zone settings and the accuracy of the clock.  In the United States, the dates on which Daylight Saving Time starts and ends change in 2007 (second Sunday in March through first Sunday in November); there is a Microsoft update for this that we discussed in November, and I would expect other operating system vendors to have similar updates.  Note that Unix-like systems carry these rules in the zoneinfo database, and some applications such as Java runtimes ship their own copy that must be updated separately.  I would also encourage the use of a time server and a synchronization protocol such as NTP.  There is more information on NTP at http://www.ntp.org/ and http://www.eecis.udel.edu/~mills/ntp.html .  (Thanks, Blake, for the reminder on this.)

5) In many jurisdictions, new rules and regulations took effect at the start of the year.  Some of these may involve taxes or other changes that need to be reflected in your business or e-commerce applications.  This is a good thing to discuss with your developers to make sure they are making the appropriate changes.
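A clock-accuracy check for item 4 above, as an added example in Python. It is not the diary's code nor the NTP project's: a minimal SNTP client that builds the 48-byte request, validates the server reply and computes the clock offset and round-trip delay from the four timestamps the way RFC 4330 describes. The reply produced by build_reply() is constructed here so the arithmetic runs offline; query_server() assumes the host you pass is an NTP server reachable on UDP/123.

```python
"""Check how far a host's clock is from an NTP server (SNTP client).

Added example, not from the ISC diary or the NTP project. It builds the
48-byte NTP request, parses a server reply and computes the clock offset and
round-trip delay from the four timestamps as SNTP (RFC 4330) does, with the
sanity checks a one-shot client should make. The reply from build_reply() is
constructed here so the arithmetic runs offline; query_server() sends a real
query (assumes UDP/123 is reachable).
"""
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800            # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
NTP_PACKET = struct.Struct("!BBbb11I")  # LI/VN/Mode, stratum, poll, precision, 11 words
# Word layout after the 4 header bytes: 0 root delay, 1 root dispersion,
# 2 reference id, 3-4 reference ts, 5-6 originate ts, 7-8 receive ts, 9-10 transmit ts.


def unix_to_ntp(t):
    """Unix float seconds -> NTP (seconds, fraction) as two 32-bit words."""
    return int(t) + NTP_EPOCH_DELTA, int((t - int(t)) * (1 << 32))


def ntp_to_unix(secs, frac):
    """NTP (seconds, fraction) words -> Unix float seconds."""
    return secs - NTP_EPOCH_DELTA + frac / (1 << 32)


def build_request(t1):
    """Client packet: LI=0, version 4, mode 3; our send time t1 goes in the transmit ts."""
    return NTP_PACKET.pack(0x23, 0, 0, 0, *([0] * 9), *unix_to_ntp(t1))


def parse_response(data):
    """Return the fields a client needs, rejecting packets that are not usable replies."""
    if len(data) < NTP_PACKET.size:
        raise ValueError("short NTP packet")
    li_vn_mode, stratum, _poll, _prec, *words = NTP_PACKET.unpack(data[:NTP_PACKET.size])
    if li_vn_mode & 0x07 != 4:
        raise ValueError("not a server reply (mode %d)" % (li_vn_mode & 0x07))
    if (li_vn_mode >> 6) == 3:
        raise ValueError("server clock not synchronized (LI=3)")
    if stratum == 0:
        raise ValueError("stratum 0: kiss-o'-death or unsynchronized server")
    return {
        "stratum": stratum,
        "orig_words": (words[5], words[6]),      # our t1, echoed back by the server
        "t2": ntp_to_unix(words[7], words[8]),   # server receive time
        "t3": ntp_to_unix(words[9], words[10]),  # server transmit time
    }


def clock_check(reply, t1, t4):
    """Validate the reply against our request; return offset and delay in seconds."""
    r = parse_response(reply)
    if r["orig_words"] != unix_to_ntp(t1):
        raise ValueError("originate timestamp mismatch: stale or spoofed reply")
    t2, t3 = r["t2"], r["t3"]
    offset = ((t2 - t1) + (t3 - t4)) / 2  # server time minus ours: positive means we are behind
    delay = (t4 - t1) - (t3 - t2)         # network round trip, server processing time excluded
    return {"stratum": r["stratum"], "offset": offset, "delay": delay}


def build_reply(t1, t2, t3, stratum=2):
    """Constructed mode-4 reply for offline use (not captured from a real server)."""
    return NTP_PACKET.pack(0x24, stratum, 0, 0, 0, 0, 0x4C4F434C, 0, 0,
                           *unix_to_ntp(t1), *unix_to_ntp(t2), *unix_to_ntp(t3))


def query_server(host, timeout=2.0):
    """Live one-shot query against an NTP server on UDP/123."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (host, 123))
        data, _ = s.recvfrom(512)
    t4 = time.time()
    return clock_check(data, t1, t4)


if __name__ == "__main__":
    # Offline demo: server clock 0.5 s ahead of ours, 10 ms one-way network delay.
    t1 = 1167609600.0  # 2007-01-01 00:00:00 UTC on our clock
    reply = build_reply(t1, t1 + 0.51, t1 + 0.51)
    print(clock_check(reply, t1, t1 + 0.02))  # offset about +0.5 s, delay about 0.02 s
```

Run query_server() against your own time server on every host whose logs you rely on; an offset of more than a second or two is worth fixing before an incident forces you to reconcile timelines by hand. A continuously running daemon is preferable to one-shot corrections because it slews small offsets instead of stepping the clock, so log timestamps stay monotonic.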


ScottF
ISC Handler
