[SecurityRatty] tag: parody

'Paris for President' Parody Strikes Viral Gold

Sun, 10 Aug 2008 15:30:00 +0000

Socialite turned political spoofer Paris Hilton hits web gold with her faux bid for presidency. The mock campaign video has been viewed more than 6.2 million times.

Dynamic vulnerability assessment

Mon, 09 Jun 2008 08:38:11 +0000

A few weekes ago I wrote about the current state of vulnerability assessment being like a parody of an Obama/Hillary commerical. Who answers the phone at 3am? For vulnerability assessment, the results are only as good as who answers the scan. This has been a problem for security managers and vulnerability assessors for some time. Balancing scanning during prime time and impacting network performance versus scanning during down times when the devices you need to scan may not be available.

Today StillSecure announced our reponse to ending this problem. We call it Dynamic Vulnerability Assessment (DVA). With DVA you will have vulnerability and compliance data as of at least the last time a device logged on the network. This closes the loophole and gives organizations a much more comprehensive and secure assessment of who is on the network and what they look like.

To accomplish this we are using some of our NAC technology from Safe Access. This allows us to detect devices as they come on the network. We can also use the purpose built Safe Access testing engine to deep compliance checks to supplement the tradtional vulnerability checks. We think this is a big step up in vulnerability assessment and management. Am interested in what others think.

Dynamic vulnerability assessment

Mon, 09 Jun 2008 07:38:11 +0000

The Whitehouse.org Serving Malware

Tue, 20 May 2008 22:38:02 +0000

The Whitehouse.org a parody site of the original Whitehouse.gov is serving malware. From TrendMicro's blog :

"According to Trend Micro Advanced Threats Researcher David Sancho, whitehouse.org has been compromised to harbor some malicious, obfuscated JavaScript code which “background downloads” code to unsuspecting visitors of the site, where a malicious file is downloaded (which is detected by Trend Micro as TROJ_DELF.GKP ). Of course, the official White House Web site is whitehouse.gov, and although it has been reported that some people believe whitehouse.org is the real deal, even those looking for this site specifically should be forewarned."

The malicious domain embedded within the site ad.ox88.info/13.htm (67.15.212.150) is using Mal/ObfJS-AP/Exploit:HTML/AdoStream to serve the malware, whereas the domain itself is using DNS servers known to provide service to malicious domains from previous malware embedded attacks that I've been assessing.

Proper zoning can help avoid the Cone of Silence problem

Sat, 19 Jan 2008 10:12:06 +0000

With news that they are resurrecting the old Get Smart parody of the James Bond spy series in a new movie, I can’t wait to see what ridiculous and useless security measures they dream up. Some of you may remember Maxwell Smart walking purposefully down a long hallway during the opening theme, with a [...]