Cloudflare data leak…what does it mean to me?, (Fri, Feb 24th)

The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is that in rare situations, a bug in Cloudflare's edge servers could be triggered, which would cause a buffer overrun to occur. When …

Practical collision attack against SHA-1 , (Thu, Feb 23rd)

Google has announced that they have succeeded in developing a technique which makes it practical to craft two PDF files with the same SHA-1 digital signature. Of course, like all new vulnerabilities/attacks in this decade, it needs a web page and a cool logo. Not to disappoint, they can be found here. What does this mean …

2 Apple Updates Today as Well – GarageBand and Logic Pro X, (Tue, Feb 21st)

GarageBand 10.1.6 is released today, fixing an arbitrary code execution bug in Yosemite 10.10 and later (CVE-2017-2374). There's also a second patch for Logic Pro X 10.3.1. Unfortunately, it's got the text for the GarageBand patch in its notes, so it's not clear what is fixed in this update. As always, all Apple security patches are …

Microsoft Patch Tuesday, or is that "Patch Next Tuesday"? – Flash Player RCE patched today, (Tue, Feb 21st)

Microsoft released the patch for MS17-005 today, to patch a remote code execution vulnerability in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. The MS Bulletin is posted here: https://technet.microsoft.com/en-us/library/security/MS17-005, but is not yet posted on the main feed (https://technet.microsoft.com/en-us/security/bulletins.aspx). The matching Adobe technote is APSB17-04, …

Sysinternals Updates Sysmon, Autoruns, AccessChk, Process Monitor, Process Explorer, LiveKd, and BgInfo – https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor-v3-32-process-explorer-v16, (Tue, Feb 21st)

=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To"), (Tue, Feb 21st)

Last week, I was working with a client on a web-filtering solution, using one of their organization's laptops. We happened to notice the long-long-LONG list of SSIDs that were on this machine, many of them open SSIDs. The host we were looking at had the default dlink and linksys SSIDs as auto-connect, so not a …

Hardening Postfix Against FTP Relay Attacks, (Mon, Feb 20th)

Yesterday, I read an interesting blog post about exploiting XXE (XML eXternal Entity) flaws to send e-mails [1]. In short: it is possible to trick the application into connecting to an FTP server, but since mail servers tend to be forgiving enough, they will just accept e-mail if you use the FTP client to connect …