Tweeting from DoJoSec
We'll be tweeting from DoJoSec tomorrow night. Follow us at: http://twitter.com/VRT_Sourcefire. For everyone already following us who will get this posting on Twitter soon, pay attention tomorrow evening. The event starts around 6:00 pm EDT. If we can get pictures, we will.
IDA Pro 5.5 Alpha
This just in: http://hexblog.com/2009/06/ida_pro_55_goes_alpha.html SWEET!
DoJoSec Meeting - June 4th
The DoJoSec lineup for the June meeting has been announced and our own Alain Zidouemba will be giving a presentation entitled "What to do with the Unknown". Alain will be demonstrating what options are available to the administrator when an unknown piece of malware is
Gumblar and More On Javascript Obfuscation
A couple of months ago I put together a post on detection of obfuscated JavaScript. Not surprisingly, that topic has popped back up on the VRT radar screen this week, this time in the context of something much more interesting - Gumblar, the new worm that everyone is talking about
Winamp MAKI Parsing Vulnerability Details
About two months ago, we found a vulnerability in the Winamp 5.55 MAKI script parsing module. We reported our findings to AOL. AOL then released Winamp version 5.552 with the fix. Here are the details: Winamp MAKI Parsing Integer Overflow Vulnerability Vendor: AOL/Nullsoft Sev
Rules to detect IIS 6.0 WebDAV exploit
Thanks for the inquiries. Here are rules that detect attacks against IIS 6.0 with WebDAV enabled. (See yesterday's post for details.) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS Microsoft IIS 6.0 WebDAV COPY remote authentication bypass attempt"
Snort protection against IIS 6.0 WebDAV exploit
Microsoft Security Advisory (971491) published on May 18, 2009 concerns a vulnerability in IIS that may allow unauthorized access to an area of a website that would normally be protected. An attack against IIS 6.0 with WebDAV enabled was published at milw0rm (http://www.milw0rm.
IP Blacklisting in Snort
Our Supreme Overlord and Benevolent Dictator, Marty Roesch, had a little free time on his hands over the weekend and spent some of it writing a new preprocessor for Snort 2.8.4.1 that implements IP blocklisting. This should help a great deal with performance for those folks who l
Microsoft Tuesday Coverage for May MS09-017
Microsoft Security Advisory MS09-017: Microsoft PowerPoint contains several programming errors that may allow a remote attacker to execute code on a vulnerable system via a specially crafted PowerPoint file. Rules to detect attacks targeting these vulnerabilities are included in