ComputerDefenseComputerDefenseComputerDefense.org is an IT Security website, with a mix of python,hardware,reviews and anything else I feel like talking about... previously it hosted a daily link list.. (which may make a comeback)... Articles
New TLD - .asia
2007-05-04 07:34:00 An email just came across the DNS Operations mailing list: I realize I’m a little late, but .ASIA entered the root last night with revision 2007050201. Congratulations to all those involved. For those that have an interest in such things: Serial: 2007050301 Statistics ========== Number of gTLDs: 21 Number of ccTLDs: ... More About: Asia
Small Note: DST Problems with Wordpress
2007-05-04 06:32:00 It seems that Wordpress , this wonderful blogging software has a flaw… It doesn’t support DST. At first I thought that perhaps due to the change in date for DST that the server hosting this blog hadn’t been updated properly… I soon discovered this wasn’t the issue. So tonight, irritated that my server was an hour ... More About: Note , Small , Problems , Problem
Has My Webmail Been Hacked?
2007-05-04 06:21:00 Jeremiah Grossman has an interesting post up over on his blog titled, “How to check if your WebMail account has been hacked.” The post discusses using an older concept of “Web Bugs” to monitor your web-based email account to see if it has been accessed. This is (or was), if I recall correct, one of ... More About: Security , Hacked , Been , Webmail
May Microsoft Advanced Notice Bulletin
2007-05-03 19:33:00 So we’ve got a Patch Tuesday coming up… Microsoft has released the advanced notification… If we expect a patch for the DNS vuln… that’s one remote code Execution vuln but both Exchange and BizTalk servers are listed, so they could potentially be remote code execution as well… I guess we’ll know on Tuesday… Here’s the vital ... More About: Security , Soft , Bulletin , Bull
What I learned this week?
2007-04-20 07:03:00 I always base the quality of my week on what I’ve learned… It’s not the only criteria obviously but it is one of them… If I’ve learned nothing then the week seems like a total waste… yet if I learn just one or two things… even if they are common knowledge to everyone else… as ... More About: Hat , Earn , This , Week , Learn
RPC DNS Worm
2007-04-17 04:50:00 Yesterday I questioned if we’d see a worm related to the RPC DNS Vuln… Both McAfee (additional info) and ISC are reporting that we are. According to the ISC the worm is only scanning port 1025… I question whether this was the displayed behavior or the worm is actually hard coded only to look at this port… ... More About: Security , Worm
The DNS Vuln
2007-04-15 23:49:00 It’s amazing how quickly the community can respond… In the past 24 hours I’ve seen exploits from three sources for this vulnerability. We’ve got an exploit for metasploit, an exploit written in python and one written in C. (I considered whether or not I’d link to these but since they’re all publicly available… I might ... More About: The D
Remote Code Execution in RPC on Windows DNS Server
2007-04-13 07:05:00 Microsoft has published an advisory on remote code executing via a vulnerability in RPC for Wind ows DNS Server . There are no details, however Microsoft is saying that it is a limited attack. This vulnerability has been assigned CVE-2007-1748. Successful exploitation would allow code to be executed under the context LOCAL SYSTEM and anonymous exploitation is ... More About: Code , Indo
Limited Whois Results
2007-04-12 18:29:00 RSnake has an interesting post on the Whois Daemon that is running for the .to TLD. It seems as though their modified daemon returns minimal results… masking all contact and registration information. root:# whois tonic.to Tonic whoisd V1.0 tonic root:# whois task.to Tonic whoisd V1.0 task ns1.perpetualconnections.com 64.90.96.130 ns2.perpetualconnections.com 64.90.96.230 As RSnake points out this is a spammers dream. I would add ... More About: Results , Mite , Limited , Limite , Result
Not Everything Can Be Improved With Technology.
2007-04-12 17:12:00 I know that’s a hard statement for a lot of people to believe, but it’s the truth. RFID is a prime example of this. The list of things that RFID has been used for just keeps growing. Replacement of Keys Embedded in Keys Product Tracking (Warehouse) Product Tracking (Livestock) Payment Methods (Credit Cards) Passports Cookware Ink (for RFID Tattoos) Library Books and the list goes ... More About: Technology , Techno , Tech , With , Everything
It Never Fails?
2007-04-12 00:58:00 Yet again we see it happening… Patch Tuesday rolls around and suddenly we’re hit by more “0-days” for Microsoft products. This time it’s primarily Office, but a heap-overflow in .HLP files was also released. McAfee AVERT Labs have been doing some research into the vulnerabilities, however they haven’t had much to say yet. Initially they ... More About: Ever , Never
Information Security Conferences, Workshops, and Training Calendar
2007-04-11 05:36:00 Short and sweet… Dustin from TippingPoint provided this Google Calendar link on DailyDave earlier today. It’s a Calendar that tracks IS conferences, workshops and training. It is rather indepth and impressive. Kudos and Thanks to Dustin as this is very handy to have access to. More About: Security , Information , Training , Workshop , Work
?Hex Dump Port Forwarding Network Proxy Server?
2007-04-10 16:14:00 I know, it’s a mouthful and a little repetitive but I didn’t name it. One of the RSS feeds that I subscribe to is the ASPN Python Cookbook. The recipe (source as text here) that was listed today was quite cool and useful. It’s a small proxy server that dumps the hex output of the ... More About: Work , Network , Port , War , Server
The RCMP Wants to know you?re reading my blog?
2007-04-10 06:35:00 Actually they want to know much more than that… They want to know everything you do online and they don’t want to have to obtain a warrant to find out the information. An article posted not long ago on Canada.com tells us that the RCMP are pushing for the re-introduction of the “lawful access” law. ... More About: Reading , Blog , Read , Know , Want
Double Your Pleasure, Double Your Fun. Two MS Tuesdays are Better than One!
2007-04-02 05:33:00 So I just checked my email… (I try to go anti-computer on the weekends these days… at least for a little while while I unwind and relax) and there’s an email from Microsoft informing customers that they will be releasing a patch on Tuesday, April 3rd. Now I suppose it could be an April Fool’s ... More About: Fun , Double , Your , Days , Better
Metasploit 3.0 Officially Released Today
2007-03-27 22:05:00 From the Meta sploit Homepage: March 27th, 2007 — Metasploit is pleased to announce the immediate, free availability of the Metasploit Framework version 3.0 from http://framework.metasploit.com/. The Metasploit Framework (”Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide ... More About: Today , Released , Release , Lease
SSL == Useless
2007-03-26 21:25:00 Pete Lindstrom posted over on the Spire Security Viewpoint asking, and answering, the question “Has SSL Outlived it’s Usefulness”. He made the following four statements: 1) Users read way too much into its functional value. 2) The threat model for sensitive Web data has never been one of sniffing traffic. There are still way too many accessible ... More About: Useless , Less , Sele
But I?m a hobbyist?
2007-03-26 09:52:00 The most popular post I’ve made, has been my mention of Windows XP Black Edition. While nobody was really in favour of my idea, I’m pretty sure it was popular because people were hoping to find a download link… and found me via Google, where I’m currently the #1 result for the search Windows XP ... More About: Hobby
My New Phone - UT Starcom 6700
2007-03-26 07:07:00 Welcome to a story of delays, frustration and amazing customer service, as I tell you the story of my new phone So last weekend I went to see 300… It was pretty good… We left and walked a bit and the person I saw the film with caught a streetcar… I turned the corner ... More About: Phone , Star , Arco , Starcom
A few links.
2007-03-22 22:09:00 I’ve got a few things I wanted to touch on today…. First, a friend of mine, Max ( J_K9 ) is in Seattle… From the UK. He gave details on why he’s going, which includes visiting Microsoft and presenting to the board of directors, on his blog. While he’s there, he’s writing entries on what’s going ... More About: Links , Link
VirtualPC 2007 Available
2007-03-21 14:38:00 I posted when VPC 2004 was made freely available…. So let’s post again now that VPC 2007 is freely available. Feel free to download it and play. More About: Virtual , Virt
Top 59 Influencers in IT Security (2007)
2007-03-17 02:06:00 I’ve already mentioned this list once and said I disagreed with a good chunk of it… I also said that I’d come back with my own list. This is exactly what I’ve done… Ryan (numerophobe.com), Jeremy (engineeringreversed.com) and I sat down and came up with this list. We basically decided that the original list should ... More About: Security , Influence
Microsoft Responds to AV Attacks
2007-03-16 07:51:00 Microsoft has taken a lot of heat lately for their results in various AV testing (Examples: -1-, -2-, -3-, -4-, -5-). My opinion has stayed pretty much the same… My assumption is that the product failed due to missing older viruses… so their competitors who have years of industry experience and a large signature database ... More About: Microsoft , Pond , Soft , Micro , Attacks
Odds and Ends
2007-03-15 07:12:00 A few things that I came across that I could have turned into a number of small blog posts but instead I choose to throw them all into one. Up first we’ve got a WordPres plugin I recently downloaded and added… Like many bloggers I use Google Analytics, and like many wordpress bloggers, I’ve simply added ... More About: Odds , Ends
A Joke? Baby Making
2007-03-15 06:31:00 A Joke courtesy of Brian Madsen’s .Net blog. The Smiths were unable to conceive children and decided to use a surrogate father to start their family. On the day the proxy father was to arrive, Mr. Smith kissed his wife good-bye and said, “Well, I’m off now. The man should be here soon.” Half an hour later, just ... More About: Baby , King , Maki , Makin
Introducing the Amazing, Wonderful and Completely Magnificent Microsoft the
2007-03-15 04:09:00 … and for his first trick, Ladies and Gentlemen, he will make Windows Server 2003 SP2 appear magically in front of you… as though out of thin air. Ryan has already blogged about this over at numerophobe.com but I think there’s information worth mentioning again and other information that’s worth bringing up. This was definitely ... More About: Microsoft , Comp , Cent , Amazing , Soft
Vista Sticky Keys Backdoor
2007-03-14 04:33:00 I know… I’d laugh at the title as well… So let me clarify a few things. I’m not calling this a backdoor… I’m quoting the original post over at McAfee Avert Labs. I also don’t agree with the issue here… to put it into a single sentence, it basically says, “If I have physical administrative ... More About: Vista , Back , Keys , Stick , Door
Rogers Communications Phish
2007-03-14 03:48:00 This is just a quick heads up since it actually concerns me as well (being a Rogers customer)… Websense has published an alert on a new phishing attempt targeting Rogers customers.. The text of the email is: Rogers is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your ... More About: Communication , Cat , Muni , Phish , Communications
No Explosions, but a Couple of Pellet Guns were Fired.
2007-03-11 16:05:00 I’d heard people say that the DST change was going to be the next Y2K.. They were right…. it was Y2K… Absolutely nothing happened. Nothing major anyways…. no explosions… There have been a few small problems though. So far, the Internet Storm Center is reporting the following: Problems with certain models of Cisco Phones Problems with Symantec Backup Exec 10d and 10.1 Problems with APC If anyone has heard of other problems feel free to leave them in the comments or fire me an email and I’ll be sure to add them to the list. More About: Guns , Coup , Elle , Couple , Fire
Another Windows “0-day” DoS
More articles from this author:2007-03-11 07:14:00 A Proof of Concept memory corruption has been released on milw0rm. This is coming from the author of the Internet Connection Sharing DoS. I’m wondering if we’ll see an excess of MS exploits this month given their decision not to patch any of the existing flaws. More About: Windows , Other , Wind , Another , Indo 1, 2, 3, 4, 5, 6, 7 |
|
 |
|
 |
