(Successfully) Building Shared Object Rules (and Snort) under OpenBSD
Here at the VRT, we have been adding support for more platforms and operating systems for shared object rules in the VRT Certified rule packs. Recently we started work on building shared object rules for Snort under OpenBSD. We ran into problems. After careful investigation, I ha
'Tis the Season for 0-days
Hello, all! This is just a quick note that Microsoft has released a bulletin regarding a new 0-day in Internet Explorer versions 7 and 8. You can read all about it in their advisory at http://www.microsoft.com/technet/security/advisory/2488013.mspx as well as the reference for th
ClamAV 3.0 for Windows Open Beta
The public beta for ClamAV for Windows 3.0, which includes full integration of the ClamAV engine into the Immunet Protect product, is now open. If you are interested in playing with ClamAV for Windows 3.0, please check out the following link: Beta Announcement The download links
Exim Remote Root
We've heard from a number of Sourcefire customers and open-source Snort users lately, asking us whether we'll be releasing coverage for last week's Exim remote root (CVE-2010-4344 for those keeping score at home). Based on what hit the Exim-dev mailing list, we felt c
Detecting Obfuscated Malicious JavaScript with Snort and Razorback
Unlike most Americans, who were busy recovering from a turkey-induced coma, I spent this past weekend at the Hackers 2 Hackers Conference in Sao Paulo, Brazil. In addition to being a nice respite from the cold weather in DC, the event featured excellent speakers on topics as dive
Inline Normalization with Snort 2.9.0
Snort 2.9.0 can take a more active role in securing your network in inline deployments by normalizing packets and streams to minimize the chance that Snort incorrectly models end systems. To accomplish this, a new preprocessor was added. You must configure with this option to bu
Rule release for today, Tuesday November 9th, 2010
Microsoft Security Advisory MS10-087: Microsoft Office contains programming errors that may allow a remote attacker to execute code on an affected system. Microsoft Security Advisory MS10-088: Microsoft Office PowerPoint contains programming errors that may allow a remote attack
Rule Release for Today, Thursday October 28th, 2010
Adobe Shockwave Player vulnerability, see more here: http://www.snort.org/vrt/advisories/2010/10/28/vrt-rules-2010-10-28.html
Rule Release for Today, Tuesday October 26th, 2010
Vulnerabilities in Adobe Shockwave Director and Mozilla Firefox. More details here: http://www.snort.org/vrt/advisories/2010/10/26/vrt-rules-2010-10-26.html