How do I become a Ninja?
Earlier this week, we posted this blog item: Ask the VRT a question. We had a few people write in and ask us questions about Snort, Snort rules and the other obvious Snort related questions. Then, we got something interesting... mish asks "How do I become a Ninja?" (H
Rule release for today - July 16th 2009
For those of you following our twitter feed, you now know why we were laughing last night... ISC DHCLIENT Buffer Overflow (CVE-2009-0692): The ISC DHCLIENT daemon suffers from a programming error that may allow a remote attacker to capitalize on a stack overflow and execute code
Rule release for today - July 15th 2009
Couple of Mozilla Firefox issues that need to be addressed... Mozilla Firefox Remote Code Execution: Mozilla Firefox contains a programming error that may allow a remote attacker to execute code on an affected system. A failed attempt will cause a Denial of Service against the a
Rule release for today - July 14th 2009
A number of issues for Microsoft products this month, here are some selections... Microsoft Security Advisory (MS09-028): Microsoft DirectShow contains programming errors that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting t
Sourcefire VRT firebreathing pig
Here's our video of the firebreathing pig. We made this in December of 2007. Now that we have a good camera, maybe we should reshoot the video.
Ask the VRT a question
We are extending the opportunity for you, the reader, to ask us questions. We will select the best question(s) each week and publish them, along with the answers we give, here. "What kind of questions can I ask?" Well, thanks for asking, you can ask us anything. It ca
Following us at tumblr
We now have an additional feed of our blog, our twittering and our upcoming video channel all rolled into one at tumblr. Check it out at http://vrt-sourcefire.tumblr.com/. We aren't going to publish other content at that blog that doesn't appear here, rather it is meant
Microsoft Video ActiveX Control rule coverage
So, a bit of a problem with an ActiveX control that can be leveraged via a webpage, without any user interaction required. Who would've expected that? Microsoft Security Advisory (972890): The Microsoft Video ActiveX control contains a vulnerability that may allow a remote a
Rule release for today - July 1st 2009
Well, we've continued the work on modifying netbios rules to take advantage of the new dcerpc preprocessor and changed a bunch of the shared object rules. Here's a mapping of modified and replaced rules: Replacement Rule(s) (GID 3) Replaced Shared Object Rules (GID 3) 14