Information Security

Information Security - aggregated feeds in category Vulnerability Pipes
Updated: 25 weeks 1 day ago

Other Security: Can users' phish emails be a security admin's catch of the day?, (Tue, Nov 27th)

Tue, 11/27/2012 - 13:12

Blocking phishing emails is part and parcel of now commonplace technology controls, supplied by a wide range of vendors and, depending on your viewpoint (or how many angry user phone calls are received daily), they do a great, reasonable or bad job of blocking this type of unsolicited email. Despite the technologies deployed, ultimately the human factor is at play [1].

Windows Security: What's in Your Change Control Form?, (Fri, Nov 23rd)

Fri, 11/23/2012 - 17:23

It's surprising how many organizations don't plan well for change. Change Control is a well-known process, one that is well defined in many different frameworks (ITIL and the ISO 27000 Series and NIST for starters). Yet many organizations plan changes over coffee and a napkin (or a Visio on a good day). This almost always results in figuring out problems during the change (I don't know about you, but the less 1am thinking I need to do, the better off I am!), conflicting changes, or changes that just plain don't work, and need to be backed out in a panic.


Other Security: Risk Assessment Reloaded (thanks PCI ! ), (Fri, Nov 23rd)

Fri, 11/23/2012 - 17:07

Last month was Cyber-Security Awareness Month, and we had some fun presenting a different security standard each day. One of the standards we discussed was the ISO 27005 standard for Risk Assessment ( https://isc.sans.edu/diary.html?storyid=14332 ). So when the PCI Council released Risk Assessment Guidance this past week, it immediately caught my attention.

You can find the document here: https://www.pcisecuritystandards.org/documents/PCI_DSS_Risk_Assmt_Guidelines_v1.pdf

Windows Security: TA12-318A: Microsoft Updates for Multiple Vulnerabilities

Tue, 11/13/2012 - 19:12
Original release date: November 13, 2012 | Last revised: --

Systems Affected: Microsoft Windows, Microsoft Office, Microsoft .NET Framework, Internet Explorer

Overview: Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description: The Microsoft Security Bulletin Summary for November 2012 describes multiple vulnerabilities in Microsoft software.

Other Security: Microsoft November 2012 Black Tuesday Update - Overview, (Tue, Nov 13th)

Tue, 11/13/2012 - 18:43

NOTE: Several of these patches apply to Windows 8 and Windows RT that were just released last month.

Overview of the November 2012 Microsoft patches and their status.

# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) (clients, servers)

MS12-071

Windows Security: Remote Diagnostics with PSR, (Fri, Nov 9th)

Fri, 11/09/2012 - 03:10

Have you ever been in this situation? Someone calls you for help and tries to explain their problem. They do such a poor job of explaining what they are seeing that you aren't even sure what OS they are using, much less how to fix their problem. You wish you had some way of remotely seeing their desktop, but the user is incapable of following the instructions required for you to remotely connect to and administer their machine. This is especially frustrating when you are in the identification or containment phase of an incident.

Windows Security: Fresh batch of Microsoft patches next week, (Fri, Nov 9th)

Fri, 11/09/2012 - 03:10

Next week Microsoft will release 6 new security bulletins. Of the six bulletins, five are critical and allow for remote execution of code. The pre-notification information indicates that the vulnerabilities are in Microsoft Office, Windows Server Platforms, the Desktop Platforms and Windows RT (Surface). It looks like next Tuesday will be interesting. Read more about it at the link below.

http://technet.microsoft.com/en-us/security/bulletin/ms12-nov

Windows Security: Help eliminate unquoted path vulnerabilities, (Wed, Nov 7th)

Thu, 11/08/2012 - 04:05

Metasploit's Service Trusted Path Privilege Escalation exploit takes advantage of the unquoted service path vulnerability outlined in CVE-2005-1185, CVE-2005-2938 and CVE-2000-1128. The vulnerability takes advantage of the way Windows parses directory paths to execute code. Consider the following command line.

C:\windows\system32\notepad \temp\file.txt

Other Security: Lamiabiocasa, (Fri, Nov 2nd)

Fri, 11/02/2012 - 20:11

Earlier today, ISC reader Travis noticed that his proxy server was blocking some images from BusinessWeek Business Exchange (bx.businessweek.com). On closer inspection of the blocked content, he found that some files indeed had peculiar contents:





A company from Italy that sells log cabins probably cannot afford to advertise for their services on Businessweek...


Other Security: Patched your Java yet?, (Thu, Nov 1st)

Thu, 11/01/2012 - 00:22



Yes, there's some irony to this diary entry. In the past, I have been suggesting repeatedly that organizations who do not have an all-out requirement to keep a Java JRE runtime installed should get rid of it. Yet, here I was, a couple of days ago, reviewing some SIEM events at a Community College where I help out with IT Security, when something caught my eye (URLs defanged to keep you from clicking):



src=192.168.36.25 media-type=application/x-jar url=GET hxxp://outdrygodo.mine. nu/finance/etzko5.jar

Other Security: Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls, (Tue, Oct 30th)

Tue, 10/30/2012 - 18:47
Nearing the end of the month, it would be remiss not to mention the DSD 35 mitigating strategies. Whilst not strictly a standard, it provides guidance. The Defence Signals Directorate, or DSD, is an Australian government body that deals with many things called Cyber. Amongst other things, they are responsible for providing guidance to Australian Government agencies and have produced the Information Security Manual (ISM) for years.

Windows Security: Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors, (Tue, Oct 23rd)

Tue, 10/23/2012 - 16:58
Let me preface this by saying that the history part of this ended up being way more complicated than we have space to cover in this story; I'll try to keep it brief.


Other Security: Cyber Security Awareness Month - Day 22: Connectors, (Sun, Oct 21st)

Mon, 10/22/2012 - 19:32
(We took a break from our standard fare this weekend and didn't publish any standards-related diaries. 20/21 will be skipped as a result.)
Over the years, I collected quite a number of standard connectors/cables and interfaces. This is certainly an area where standards seem to be proliferating quickly. To stick with our theme of security and security awareness, I would like to focus on a couple of popular standards and in particular outline security aspects of the standard.

Windows Security: Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide, (Thu, Oct 18th)

Thu, 10/18/2012 - 22:21
Many vendors have security hardening guides - step-by-step guides to increasing the security posture of one product or another. We alluded to the Cisco guides earlier this month (Day 11), Microsoft also makes a decent set of hardening guides for Windows server and workstation products, as do most Linux distros - you'll find that most vendors have documents of this type.

Windows Security: Vuln: RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities

Mon, 10/15/2012 - 00:00

Linux Security: Vuln: Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities

Mon, 10/15/2012 - 00:00

Windows Security: Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1, (Sun, Oct 14th)

Sun, 10/14/2012 - 23:57

Update: In an attempt to get the link for the first script, I mistakenly put the link for another script. Fixed now. Thanks Michael for the oops :)
Ok, ok, the System in the title may be a bit too much for what this diary will show, but it will give you a nice idea of how to start to build your own analysis system using open source and free tools.
For the first part of this Diary we will focus on PE files, using three different tools for Static Analysis:
1) Malware.py - http://code.google.com/p/malwarecookbook/source/browse/trunk/malware.py

Windows Security: Vuln: Microsoft Windows Kernel 'Win32k.sys' Integer Overflow Privilege Escalation Vulnerability

Fri, 10/12/2012 - 00:00

Other Security: Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security), (Thu, Oct 11th)

Thu, 10/11/2012 - 19:09
The Center for Internet Security (CIS) is best known for its Security Benchmarks. These are security standards for hardening various products and services, making them more resistant to attack, setting them to log and alert better and so on. There are a few attractions to using benchmarks from an organization like CIS:

Windows Security: Bugtraq: ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities

Thu, 10/11/2012 - 17:19