PHP-CGI Leads To C99 Shell
While reviewing the events on one of the network the VRT monitors, we decided to do some digging on an event triggered by scan for the recently released PHP-CGI vulnerability. Knowing what attackers were actually trying to drop onto vulnerable systems would be itneresting, we fig
PHP-CGI vulnerability - exploits in the wild and Snort coverage
You've probably heard about the PHP-CGI command-line parameter vulnerability (CVE-2012-1823) released last Thursday, especially if you're defending a PHP-based web application environment. While it makes use of a non-default configuration for exploitation, for users who c
Snort Performance and IP-Only Rules
One of the most frequent topics that comes up when I'm out speaking to customers, or when anyone from the VRT is discussing Snort on a mailing list, IRC channel, etc., is performance. Everyone wants to know how to make their rules faster - and many people are willing to go to
Adventures in Domain Takedowns
I gave a presentation entitled "Adventures in Domain Takedowns" recently at the APCERT 2012 conference in Bali, Indonesia. The conference itself was excellent - plenty of good technical material and lots of useful contacts - and the location, of course, couldn't hav
A FABULOUS policy rule
Lots of people in the security space are familiar with the blog of Brain Krebs, a former Washington Post network security writer and one of a tiny number of IT security journalists who actually gets it. If you're not following him on Twitter (@briankrebs), you should be. Esp
An Exploit Kit Was Sent To You
Unless you've got the world's best spam filter, you've probably seen one of the latest spam techniques used by malware-dropping bad guys: what appears to be an automated email informing you that a multi-function scanner/copier was used to send you a document. It's
Android.Counterclank: Malware or Adware?
This weekend I noticed a ComputerWorld article titled "Massive Android malware op may have infected 5 million users". After reading, it seemed to be exactly the sort of thing many people have been suggesting - an increasingly large-scale outbreak of malicious activity i
Cross-Platform Single-Request Web Server DoS From CCC
Security never sleeps, even if it is the week between Christmas and New Year's, and most of you are on vacation, enjoying time with your family, or just goofing off because the office is empty. Today's reminder of that reality comes from Alexander Klink and Julian Walde,
Malware Mythbusting
The malware sandbox that I've previously discussed on this blog has made for a lot of useful Snort rules - but it's also helped get me some excellent speaking slots around the world this year. This time, I've just wrapped up a presentation titled "Malware Mythbus