OfficeCat Update
New advisories from Microsoft concerning Word. We've updated OfficeCat to provide coverage; more information on OfficeCat is available here: http://www.snort.org/vrt/tools/officecat.html
Microsoft Tuesday Coverage for December
Today was a busy day, with lots of new rules and coverage for the following MS advisories: MS08-070, MS08-071, MS08-072, MS08-073, MS08-074, MS08-075, MS08-076, MS08-077. We have released rules for attack coverage and you can find details at vrt-rules-2008-12-09.html
Twitter Feed Available
We now have a Twitter account where we are going to be micro-blogging our rule updates and blog posts. The feed can be found here: http://twitter.com/VRT_Sourcefire.
OpenSSH Plaintext Recovery Attack - nothing to panic about
So, somebody pointed this out to me the other day: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt which talks about the probability of recovering some plain text from an ssh session. Having seen nothing at all from OpenSSH about this, my first reaction was "OH NO
New rule groups and new rules for SCADA
Today's VRT Certified Rule release sees the introduction of two new rule groupings, scada.rules and web-activex.rules. SCADA Rules: This group contains rules that pertain to the Supervisory Control and Data Acquisition (SCADA) protocol used for computer controlled system mon
VRT Rule Release Feed
We have added a news feed for our rule release advisories; you can get it here: http://www.snort.org/vrt/advisoryfeed.xml. It is very basic, but it will help keep track of new Snort rule releases.
Microsoft Tuesday Coverage for November
Not a huge month for Microsoft problems this time around. There are two interesting sets of vulnerabilities though, one in XML Core Services (MS08-069) and the other in SMB (MS08-068). We have released rules for attack coverage and you can find details at vrt-rules-2008-11-11.html
White Paper on the MS08-067 vulnerability and the associated malware
Matt Olney, Alain Zidouemba and Lurene Grenier of the Sourcefire VRT have collated their analysis of the DCE/RPC vulnerability announced in Microsoft Security Bulletin MS08-067. A white paper that discusses this issue is now available on snort.org at the following address: http:
Out of Band Microsoft Security Advisory MS08-067
Today, Microsoft released an out of band patch for a vulnerability concerning DCE/RPC that is being actively exploited by a Trojan. We were busy today :D Details on what we were busy with are available here: http://www.snort.org/vrt/advisories/vrt-rules-2008-10-23.html More de