Since today has been a pretty quiet day, I looked back through my mailbox at a few items that we haven't mentioned in recent diaries.
Defeating XP SP2 Heap Protection
There was some discussion earlier this week on several mailing lists about a new paper that describes a technique for evading one of the new buffer-overflow defenses introduced with SP2.
New squirrelmail release
A new version of squirrelmail was released which fixes a couple of vulnerabilities in the popular webmail package.
Still no MS05-002 patch for Win98 (vulnerable to Hebolani?)
The MS05-002 bulletin said that patches for Win98, Win98SE, and WinME would follow at a later date. One of our readers, Erik, has reported that it does not appear that they have been released yet.
Port 6346 on the rise
Looking at the trends page ( http://isc.sans.org/trends.php ) and the port details ( http://isc.sans.org/port_details.php?port=6346 ), there seems to be a big jump in traffic on this port. We haven't heard of anything new attacking on this port, but given that this port is primarily used for P2P filesharing (a favorite target of bots and worms), we'll be keeping our eye on this one.
Jim Clausing, jclausing/at/isc.sans.orgI will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - Live Online
Jan 31st 2005
1 decade ago