SEARCH RESULTS
 
Showing 1-10 of 35 records
 
Expand article

Storm-Bot stripshow analysis

2007-12-23 22:06:00 by Russ McRee in HolisticInfoSec.org
 
Merry Christmas from the RBN. Now on a PC near you, a stripshow from Santa's helpers. Or not The ISC reported the expected Storm surge Christmas eve at 0000 GMT hxxp://merrychristmas.com/stripshow.exe (modified to protect the innocent) yields a hash of 2BBA62FBC3B9AF85C3C7D64A82E1237C. Once executed it immediately copies itself as disnisa.exe to...
 
Tags: 40d9f1 connect, w32tm config syncfromflags, config, time, quick time check, w32tm config, exe, src78, dst192
 
 
 
 
Expand article

Obfuscating Fast-fluxed SQL Injected Domains

The Article has images
2008-07-17 15:31:06 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
It's all a matter of how you put it, and putting it like represents a good example of tactical warfare, namely, combining different tactics for the sake of making it harder to keep track of the impact of a particular SQL injection campaign. Consider the following examples of obfuscated domains, naturally being in a fast-flux in the time of the...
 
Tags: sql, massive sql injections, sql injection campaign, sql injection attacks, popular sql injectors, massive sql injection, site sql, sql injection, campaign
 
 
 
 
Expand article

Web Server Software and Malware

The Article has images
2007-06-05 09:30:00 by Niels Provos in Google Online Security Blog
Posted by Nagendra Modadugu, Anti-Malware Team In this post, we investigate the distribution of web server software to provide insight into how server software is correlated to servers hosting malware binaries or engaging in drive-by-downloads We determine server operating system by examining the 'Server:' HTTP header reported by most web...
 
Tags: servers serve malware, servers, apache servers, malicious servers, web server software, server software, web servers, microsoft iis, microsoft iis features
 
 
 
 
Expand article

PCI Compliance: Learning from the U.S. Air Force

2008-06-05 00:12:46 by Dave Lewis in Liquidmatrix Security Digest
 
SC Magazine has an interesting piece on PCI compliance (section 6.6) and the author maps it against the US Airforces response to web breaches From SC Magazine In the spring of 2005, someone broke into a web application for the Assignment Management System of the United States Air Force, and stole 33,000 records. As data breaches go judged by...
 
Tags: air force, air force officers, pci compliance, assignment management system, records, data, data breaches, academic records, online merchants
 
 
 
 
Expand article

Times Up IPv6 OMB Mandate

2008-06-30 19:27:18 by Julia Lim in ScienceLogic
 
Three years ago, the OMB set a June 2008 deadline by which all agencies infrastructure (network backbones) must be using IPv6 and agency networks must interface with this infrastructure Agencies are supposed to demonstrate that they can Transmit IPv6 traffic from the Internet and external peers, through the core (WAN), to the LAN Transmit IPv6...
 
Tags: ipv6, aced ipv6 deadline, ipv6 packets, transmit ipv6 traffic, omb, ipv6 applications, actual ipv6 applications, agencies, twenty-four agencies
 
 
 
 
Expand article

The Template-ization of Malware Serving Sites

The Article has images
2008-07-10 16:59:13 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Just like web malware exploitation kits and phishing pages turned into a commodity underground good , allowing easy localization to different languages , and of course, the natural lowering of entry barriers into web malware and phishing in general, the very same thing is happening with fake ActiveX templates like the ones used on the majority...
 
Tags: malicious domains remain, malicious domains, tonsofporn activex remains, tonsofporn activex, domains, generic detection approaches, generic detection, activex, fake activex
 
 
 
 
Expand article

Colorado Division of Motor Vehicles cited in audit report

The Article has images
2008-07-11 09:18:07 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 7/9/08 Organization State of Colorado Contractor/Consultant/Branch Department of Revenue Division of Motor Vehicles Victims Residents Number Affected 3,400,000 Types of Data names, addresses, dates of birth and Social Security numbers Breach Description The Division of Motor Vehicles put 3.4...
 
Tags: information, personal information, information security, information security breaches, sensitive information, information security strategy, information security program, security, cyber security
 
 
 
 
Expand article

Wee-Fi: iPhone Penetration, Hotspots Undercounted, Warballoon, Cincy Bus-Fi

The Article has images
2008-08-11 09:49:01 by Glennf in Wi-Fi Networking News
iPhone sleeper cell: Security researchers demonstrated the use of an iPhone with an external battery pack as a method of sniffing networks from a mailroom, to find information that a business might not feel that it has to secure in the heart of its operations. Errata Security performed distant penetration testing for a client in this way, and...
 
Tags: wlan hotspots worldwide, wlan hotspots, hotspots worldwide, worldwide, iphone, wireless networks, networks, penetration, internal networks
 
 
 
 
Expand article

Speaking of Security Podcast #53

2007-03-12 00:00:00 by Podcast Producers in Speaking of Security, the RSA Blog and Podcast
 
Click here to listen/download (07:33 Data leakage is an issue IT organizations are faced with everyday. USB flash drives cause security concerns throughout the enterprise. We speak with Ron LaPedis of SanDisk Corporation about the security of such devices and their uses beyond portable storage
 
Tags: security, security concerns, usb flash, portable storage, ron lapedis, sandisk corporation, data leakage, enterprise, listendownload
 
 
 
 
Expand article

Speaking of Security Podcast #44

2007-01-08 00:00:00 by Podcast Producers</