Oct 23 2008

Patch Or Die

Caught your eye with that one. It seems there is a new vulnerability/exploit out there that MSFT considers so “bad” that they have released an out-of-band patch. How bad is it? Well, let’s just say you should patch all your Windows systems ASAP. I am not going to analyze this patch again, as many others have done so already.

Just 2 words for you – PATCH IT

As of 11:00 PM PST there is a known working exploit in the wild in the form of a worm.

Read all about this in the links below.

Microsoft Patch Notification

Microsoft TechNet Blog entry

Microsoft TechNet Blog Entry more about

The normal SANS Stuff

Exploit information links below

Good blog entry on the worm/exploit – ThreatExpert

Another Good Entry – Team Furry

Comment as you see fit.


Oct 14 2008

AV is Dead (or should be)


Today AV in its traditional form should be dead. It has taken me some time to catch up on my RSS feeds, but it was worth the time. As I got down toward the end I ran across this item from Secunia: "Symantec beats the competition..". Since I am not a fan of Symantec, I was very interested in what this had to say.

As it turns out, Secunia did a test of 12 internet security suites, and the results were, let's say, less than desirable. The test was to throw 300 exploits for known vulnerabilities at the 12 and see how good their detection rate was. Overall, one word: FAIL. So does this mean that you are not safe? Well, sort of.

Even the “high” score from Symantec was disappointing. Symantec detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected!

Read more here http://secunia.com/blog/29/

and

here are the test results http://secunia.com/gfx/Secunia_Exploit-vs-AV_test-Oct-2008.pdf

Stay tuned for What’s Next for AV


Sep 27 2008

ToorCon Day 1 roundup


Today was a good day for ToorCon: registration was easy, and the talks were good overall.

The KeyNote
One thing about the keynote: if I have to hear about that damn DNS vulnerability again I think I am going to be sick. For those of you who have not heard it, the talk is not that bad. He does cover a lot of impacts from this vulnerability, which, for those of you who have not patched your systems, should scare you into patching them.

Loaded Dice: SSH Key Exchange & the OpenSSL PRNG Vuln – Ben Feinstein
This talk gave a good overview of the Debian SSH OpenSSL vulnerability and the tools used in exploiting it.

Advanced SQL Injection – Joseph McCray
This by far was my favorite talk. The speaker was excellent and had a great way of interacting with the audience. The topic covered the basic forms of SQL Injection and ways to exploit them. There was discussion on ways to evade IP(d)S and different ways to get past errors in your SQL code placed in the URL.

One XSS To Rule The Enterprise – Grutz
This talk was very interesting, and I thought that this use of XSS was very out of the box: being able to grab credentials for internal domains, etc.


Sep 26 2008

Off to ToorCon


This weekend I will be attending the San Diego ToorCon conf. I have never been able to attend this particular conf but have heard great reviews of past confs. BTW, this is their 10th year.


Sep 10 2008

When is Antivirus not Antivirus


Over the past few months we have noticed a rash of fake antivirus running around the internet. This stuff is typically called XP Antivirus 200(8)(9), etc.

Personally I have cleaned around 15 systems of this infection. It is not easy, and it typically downloads other malware such as keyloggers, browser toolbars, etc.

The writers are putting out new variants of this malware every couple of weeks, so what we have here is a virus that the real antivirus companies are having trouble keeping up with.

You can read more about the new variant here.
