And you thought the DNS issue was an old one...
No, I don't really want to get into an argument about whether Dan Kaminsky has found anything new. It seems pretty clear that he's found a new, more efficient way to poison DNS caches, or Microsoft/Cisco/ISC (not SANS ISC, but then you knew that) wouldn't have reacted in unison as they did, but we've known that the ID field was too small for something like 15 years, and some folks like Dan Bernstein have been recommending using random source ports for about 10 years. In light of all of that noise, however, I was amused to read this Computerworld story about a bug in yacc (ah, the fond memories of my days writing compilers) that traces back to 1975 and was just discovered and fixed.
---Jim
Updates to some of our favorite tools
Over the last month or so, several of our favorite tools have been updated and we haven't necessarily mentioned them all here, so for those of you not standing in line waiting for your new iPhone 3G, here are a few to update.
- Wireshark. I was going to do this story last night at the very beginning of my shift and mention that 1.0.1 was out. Well, 1.0.2 just came out and fixes a couple of issues, including a potentially somewhat serious reassembly issue; see CVE-2008-3137 and CVE-2008-3141.
- Our friend Daniel Cid has released OSSEC 1.5.1 and yesterday mentioned that he is in the process of adding the capability of checking a system against the CIS Security Benchmarks. Read more about it here.
- Another of our friends, Chris Rohlf, has updated his binhash tool to v0.6.0; you can get it here.
Also, for those who like to shove data into MySQL databases for further analysis (who doesn't?), I came across these 2 posts by Marcin about a couple of Python scripts for parsing nmap and nessus output and loading them into MySQL. They look useful, though I haven't had an opportunity to do much with them yet.
Update: (2008-07-11 18:50UTC) Andreas Schuster points out that version 1.2 of mdd has also been released.
Update 2: (2008-07-11 19:15UTC) And how could I have forgotten that TrueCrypt v6.0a is out. Sigh... Announcement here and download here.
---Jim
Handling the load
Well, last month it was the Mozilla folks who hyped the release of Firefox 3.0 and then had their servers fold under the load. Today, it seems to be the iTunes site wilting under the load of all the folks trying to activate their new iPhones. If you are among those folks (obviously you aren't reading this from your iPhone then), all we can say is keep trying. The spike eventually decays to a point where the system can handle the load, but that is obviously of little solace to those who are without a phone at the moment.
Update: Some of my fellow handlers have pointed out to me that the problem is made somewhat worse by the release of the new firmware for the older iPhones and the MobileMe roll-out.
How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed?
A couple of weeks ago, we announced a new critical vulnerability in Adobe Acrobat or Reader 8.1.2 that allows remote code execution. Adobe released an update for it, Security Update 1. The update process was confusing for a lot of people, and after completing it, it was not clear how to check whether the update had been properly installed, as it still says version 8.1.2 almost everywhere.
There are different ways to check that it is installed. Thanks, Erick (from Adobe). Please scroll to the bottom of the Release Notes for instructions on Windows and Mac:
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403742&sliceId=1
--
Raul Siles
www.raulsiles.com