And you thought the DNS issue was an old one...
No, I don't really want to get into an argument about whether Dan Kaminsky has found anything new. It seems pretty clear that he's found a new, more efficient way to poison DNS caches or Microsoft/Cisco/ISC (not SANS ISC, but then you knew that) wouldn't have reacted in unison as they did, but we've known that the ID field was too small for something like 15 years and some folks like Dan Bernstein have been recommending using random source ports for about 10 years. In light of all of that noise, however, I was amused to read this Computerworld story about a bug in yacc (ah, the fond memories of my days writing compilers) that traces back to 1975 that was just discovered and fixed.
---Jim
Updates to some of our favorite tools
Over the last month or so, several of our favorite tools have been updated and we haven't necessarily mentioned them all here, so for those of you not standing in line waiting for your new iPhone 3G, here are a few to update.
- Wireshark. I was going to do this story last night at the very beginning of my shift and mention that 1.0.1 was out, well, 1.0.2 just came out and fixes a couple of issues including a potentially somewhat serious reassembly issue, see CVE-2008-3137 and CVE-2008-3141.
- Our friend, Daniel Cid has released OSSEC 1.5.1 and yesterday mentioned that he is in the process of adding the capability of checking a system against the CIS Security Benchmarks. Read more about it here.
- Another of our friends, Chris Rohlf has updated his binhash tool to v0.6.0 you can get it here.
Also, for those who like to shove data into MySQL databases for further analysis (who doesn't?), I came across these 2 posts by Marcin about a couple of Python scripts for parsing nmap and nessus output and loading them into MySQL. They look useful, though I haven't had an opportunity to do much with them yet.
Update: (2008-07-11 18:50UTC) Andreas Schuster points out that version 1.2 of mdd has also been released.
Update 2: (2008-07-11 19:15UTC) And how could I have forgotten that TrueCrypt v6.0a is out. Sigh... Announcement here and download here.
---Jim
Handling the load
Well, last month it was the Mozilla folks who hyped the release of Firefox 3.0 and then had their servers fold under the load. Today, it seems to be the iTunes site wilting under the load of all the folks trying to activate their new iPhones. If you are among those folks (obviously you aren't reading this from your iPhone then), all we can say is keep trying, the spike eventually decays to a point where the system can handle the load, but that is obviously of little solace to those who are without a phone at the moment.
Update: Some of my fellow handlers have pointed out to me that the problem is made somewhat worse by the release of the new firmware for the older iPhones and the MobileMe roll-out.
How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed?
A couple of weeks ago, we announce a new critical vulnerability in Adobe Acrobat or Reader 8.1.2 that allows remote code execution. Adobe released an update for it, Security Update 1. The update process was confusing for lot of people, and after completing it, it was not clear how to check if the update had been properly installed, as it still says version 8.1.2 almost everywhere.
There are different ways to check it is installed. Thanks Erick (from Adobe). Please, scroll to the bottom of the Release Notes for instructions on Windows and Mac:
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403742&sliceId=1
--
Raul Siles
www.raulsiles.com
Comments