Rule release for today - December 15th, 2009
More problems with Adobe Acrobat and Acrobat Reader via the media.newPlayer function. A couple of rules cover it; check here: http://www.snort.org/vrt/advisories/2009/12/15/vrt-rules-2009-12-15.html for more details and the changelog.
Operation: Don't Tell Lurene We're Working On This
If you've been following this blog for a while, you might have noticed that Lurene only shows up when there is evil to be done. This is why she is here; she's really, really good at it. She is also the analyst team lead and makes sure we are all keeping the fuzzers runnin
I hope you're happy Bejtlich...you cost me a ton of sleep
So after two days of getting up at the crack of dawn, having to deal with other VRT folks before they've had their coffee and then driving through commuter traffic and getting on the Metro, I came home from the SANS Incident Detection Summit completely exhausted. But as my he
December 2009 Vulnerability Report
Sourcefire VRT Vulnerability Report December 2009 from Sourcefire VRT on Vimeo. December Vulnerability Report. This month, Alain Zidouemba talks about Microsoft Patch Tuesday, Adobe patches and Google's DNS offering.
Microsoft Tuesday Coverage for December 2009
Six more advisories from Microsoft this month. Coverage is applicable for MS09-070, MS09-071, MS09-072, MS09-073 and MS09-074. There's also a patch or two from Adobe this month. By our count, that's the third "quarterly" patch this quarter. We think we've s
Actual Conversation - botnets explained
[11:04] <[?] someone > Pusscat: basically im trying to walk a non-technical person through a simple irc bot [11:04] <[?] someone > my goal was for my mom to be able to accurately describe a botnet [11:04] <[?] someone > like code chunk - this is the c&c inte
Hand Parsing Packets for False Negative Glory
Yesterday, on the Snort-Sigs mailing list, we had a report of a potential false-negative in an older Snort rule. While he was unable to provide a full packet capture at the time, the author of the email was able to provide a copy-paste of the packet data. A lot of times, Alex Kir
require_3whs and the Mystery of the Four-Way Handshake
So, Tod Beardsley over at Breakingpoint Labs decided to kick around RFC793 some, and came across the "simultaneous connection". You can read the RFC at http://www.faqs.org/rfcs/rfc793.html, check around page 32 or look for the phrase "Simultaneous initiation".
Hacker2Hacker and the State of Computer Security in Brazil
I was lucky enough to attend the 6th Annual Hacker2Hacker Conference this weekend in Sao Paulo, Brazil as a speaker sent by Sourcefire. As it was my first time in South America, the trip was an enlightening one - not only did I learn all about the awesomeness that are caipirinhas