My Password is [taco] Using Emojis for Stronger Passwords, (Tue, Feb 7th)

When I tried to include the [taco] Unicode characters in the headline to this post, it cut off the headline. Supporting Unicode isn't easy, and often, to avoid security issues arising from Unicode, it is removed or outright blocked. But in particular, mobile devices make it easy to type Emojis or other Unicode characters. As …

Malicious Or Not? You decide…, (Mon, Feb 6th)

One of the hardest tasks in security, and probably fundamentally an impossible task, is to figure out if something is not malicious. Even the code you wrote yourself, once it exceeds a certain complexity, could include backdoors that you as the author missed. They may come in the form of vulnerabilities, or maybe it was bad …

What Are These Odd POP3 (Port 110/tcp) Scans About?, (Mon, Feb 6th)

I am seeing a steady trickle of scans for port 110 against my honeypot. Initially, I believed that the goal was brute forcing e-mail passwords. But instead, when setting up a quick netcat listener, I am seeing binary content without any obvious purpose. Various POP3 daemons have had vulnerabilities in the past, so maybe there is …

Many Malware Samples Found on Pastebin, (Sun, Feb 5th)

pastebin.com is a wonderful website. I'm scraping all posted pasties (not only from pastebin.com) and passing them to a bunch of regular expressions. As I said in a previous diary[1], it is a good way to perform open source intelligence. Amongst many configuration files, pieces of code with hardcoded credentials, dumps of databases or passwords, …

Detecting Undisclosed Vulnerabilities with Security Tools & Features, (Sat, Feb 4th)

I'm a big fan of OSSEC[1]. This tool is an open source HIDS and log management tool. Although often considered as the SIEM of the poor, it integrates a lot of interesting features and is fully configurable to solve many of your use cases. All my infrastructure has been monitored by OSSEC for years. One of the OSSEC …

Cisco – Issue with Clock Signal Component, (Fri, Feb 3rd)

One of our readers, Dalibor Cerar, sent us an email about an issue impacting Cisco…at this point. While it's a hardware issue, the result, if it occurs, is a self-inflicted Denial of Service. Cisco released a notice on February 2 that some of its products had an issue with the Clock Signal component manufactured …

Windows SMBv3 Denial of Service Proof of Concept (0 Day Exploit), (Thu, Feb 2nd)

The tweet originally announcing this issue stated that Windows 2012 and 2016 are vulnerable. I tested it with a fully patched Windows 10, and got an immediate blue screen of death (see below for screenshot). A Proof of Concept (PoC) Exploit causing a blue screen of death on recent Windows versions was released on GitHub …

What Keeps My Honeypot Busy These Days, (Fri, Jan 27th)

Sometimes, it isn't the new and sophisticated attacks that keep your honeypots (and with that: you) busy, but things that make you go "that works?". Looking over my honeypot today, I had a couple experiences like this. First of all, the old TR-064 NTP Server exploit that became big news when the Mirai botnet …