Rule release for today - July 15th 2009
Couple of Mozilla Firefox issues that need to be addressed... Mozilla Firefox Remote Code Execution: Mozilla Firefox contains a programming error that may allow a remote attacker to execute code on an affected system. A failed attempt will cause a Denial of Service against the a
Why I'd Dress Like a Cheerleader
Twitter, the Internet’s biggest game of telephone, occasionally yields some interesting material. Yesterday, as an example, Lurene got a tweet that someone was upset about the Saphead’s write up of their work in this year’s DefCon CTF qualifier. The imagery they used to convey th
Rule release for today - July 14th 2009
A number of issues for Microsoft products this month, here are some selections... Microsoft Security Advisory (MS09-028): Microsoft DirectShow contains programming errors that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting t
Sourcefire VRT firebreathing pig
Here's our video of the firebreathing pig. We made this in December of 2007. Now that we have a good camera, maybe we should reshoot the video.
Ask the VRT a question
We are extending the opportunity for you, the reader, to ask us questions. We will select the best question(s) each week and publish them, along with the answers we give, here. "What kind of questions can I ask?" Well, thanks for asking, you can ask us anything. It ca
Following us at tumblr
We now have an additional feed of our blog, our twittering and our upcoming video channel all rolled into one at tumblr. Check it out at http://vrt-sourcefire.tumblr.com/. We aren't going to publish other content at that blog that doesn't appear here, rather it is meant
Rule Performance Part One: Content Matches
One of the many things that occupy the time of the VRT is reviewing rule performance data, whether that data is internally generated from one of our test environments or received from customer reports. In the “Rule Performance” series of blog posts, we’ll look at the set of issue
Microsoft Video ActiveX Control rule coverage
So, a bit of a problem with an ActiveX control that can be leveraged via a webpage, without any user interaction required. Who would've expected that? Microsoft Security Advisory (972890): The Microsoft Video ActiveX control contains a vulnerability that may allow a remote a
Rule release for today - July 1st 2009
Well, we've continued the work on modifying netbios rules to take advantage of the new dcerpc preprocessor and changed a bunch of the shared object rules. Here's a mapping of modified and replaced rules: Replacement Rule(s) (GID 3) Replaced Shared Object Rules (GID 3) 14