
SANS ISC: Weekend grab bag SANS ISC InfoSec Forums

Weekend grab bag
After a somewhat slow day at the Storm Center, I wanted to mention a few issues that we've heard about, but not written about in the last few days.

  1. Joanna Rutkowska was supposed to give a talk on Wednesday at BlackHat DC on a method that could be used to subvert hardware memory access (so rootkits could hide from live response memory captures).  I haven't yet seen any details, but it looks like it could be another fascinating/scary development.  The Dark Reading article is here.
  2. David Litchfield has released a paper explaining that, contrary to Oracle's past assertions that CREATE PROCEDURE privs were required for many SQL injection attacks to succeed, merely the ability to connect to the database (CREATE SESSION privilege) is sufficient.  All the more reason to limit the ability to connect to the database, encrypt the connections, and make sure you are using strong authentication.
  3. The continuing saga of A/V software vulnerable to DoS while attempting to unpack crafted files (previously Symantec, ClamAV and Trend had problems with UPX and Kaspersky with PE) hit Kaspersky again (UPX this time).  Apparently, they actually fixed the problem a month ago, but publicly acknowledged it today, see the posting to the vulnwatch list.
  4. There are a couple of interesting articles this week by folks who have managed to pull browser history without JavaScript.  We've often recommended the NoScript extension to Firefox, but even that isn't enough anymore.  Check out the stories here, here, here, and the "original" one here.


ISC Handler
Mar 3rd 2007
