Rule Release for Today, Wednesday August 25th, 2010
Adobe, vulnerabilities in Director, no kidding. Who would've thought that? Well, rules are out. Check it out here: http://www.snort.org/vrt/advisories/2010/08/25/vrt-rules-2010-08-25.html
Rule Release for Today, Wednesday August 18th, 2010
Maintenance release this one, some new rules, some modifications, check it out here: http://www.snort.org/vrt/advisories/2010/08/18/vrt-rules-2010-08-18.html
ClamAV Release Announcements
ClamAV for Windows 2.0 has officially launched. This version contains a new GUI, numerous new detection features, a new prevention engine, and a ton of other features. Check out ClamAV for Windows 2.0 (here)
New Features Include:
* New GUI - Completely new UI for a better user
Malware on Android? Big deal!
Malware and Google's Android OS are two of my favorite things to play with. You would think that when I heard that there was a Trojan in the wild targeting Android devices, I'd be all over it. Indeed, I was. But I was not happy because I just don't like the sound of &
Rule Release for Today, Thursday August 12th, 2010
Adobe, HP and Symantec products have issues, we have rules, check it out here: http://www.snort.org/vrt/advisories/2010/08/12/vrt-rules-2010-08-12.html
Snort 2.9 Essentials: The DAQ
The recently released Snort 2.9 Beta introduces the Data AcQuisition library (DAQ) for packet I/O. The DAQ replaces direct calls into packet capture libraries like PCAP with an abstraction layer that makes it easy to add additional software or hardware packet capture implementati
Quick analysis of a webpage leveraging CVE-2010-1885 (aka the help and support center vulnerability)
In a previous blog post I was writing about an increase in attacks against an, at the time, un-patched vulnerability. Microsoft patched it on July 13, which doesn't mean that people aren't still trying to own un-patched machines. goodgirlsbadguys.com (213.155.12.144) is a d
Rule Release for Today, Tuesday August 10th, 2010
Microsoft Security Advisory MS10-046: Microsoft Windows Shell contains a vulnerability that may allow a remote attacker to execute code on an affected system. Previously released rules to detect attacks targeting these vulnerabilities have been updated with the appropriate refer
Rule Release for Today, Tuesday August 3rd, 2010
Added and modified multiple rules in the exploit, ftp, imap, mysql, netbios, rpc, specific-threats, sql, web-activex, web-client, web-iis, web-misc and web-php rule sets. Check here for details: http://www.snort.org/vrt/advisories/2010/08/03/vrt-rules-2010-08-03.html