Congratulations Brian Granier!
Our handler Brian Granier this week became the second student to graduate from the SANS Technology Institute!
Grey Friday?
Just as the memories of this month's Patch Tuesday faded into the past, Microsoft have announced an update to the advisory for MS07-042.
Microsoft have updated the bulletin from Version 1.1 to Version 2.0, and the revision covers two issues:
- Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Expression Web as affected products.
- Potential reliability issue exists in applications that have installed Microsoft XML Core Services 4.0 on Windows Vista, which can be addressed by applying the download available in Microsoft Knowledge Base Article 941833.
Edit: We have received clarification from Microsoft that the update to MS07-042 has only changed the detection logic, and nothing more. Microsoft have also indicated that FIRST's comments originated from the initial Microsoft advisory.
Python script for packer identification
In doing malware analysis, I like to have some idea of the packer being used. I like PEiD, but it is Windows-only and not command-line driven, so it is difficult to script. After I saw a posting about Ero Carrera's pefile, I decided he had already done the hard work, so I wrote (my first Python script) packerid.py, which uses a PEiD signature database like this one (updated 2007-09-28 02:30 UTC), Neil's collection, or this one from Panda. Mine includes a few additional signatures and changes that I've made recently. I've been in contact with Neil about getting them merged back into his and/or released with PEiD itself. Until that happens, I'll be periodically updating mine; see the tools section of my handlers page.
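Added example (not the diary's packerid.py and not pefile code): a minimal matcher for the PEiD userdb.txt signature syntax that such a script consumes, with a constructed two-entry database and constructed entry-point bytes standing in for the real signature files and a real PE.

```python
import re
from typing import List, Tuple

# Constructed sample database in PEiD userdb.txt syntax (not real signatures):
# a [Name] header, a "signature =" line of hex bytes with ?? wildcards, and an
# ep_only flag saying whether the bytes must sit exactly at the entry point.
SAMPLE_DB = """
[Hypothetical Packer A 1.0 -> constructed example]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true

[Hypothetical Stub B -> constructed example]
signature = E8 00 00 00 00 5D
ep_only = false
"""

Signature = Tuple[str, re.Pattern, bool]


def parse_peid_db(text: str) -> List[Signature]:
    """Parse PEiD-style database text into (name, compiled regex, ep_only) tuples."""
    sigs: List[Signature] = []
    name, pattern = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
        elif line.lower().startswith("signature"):
            tokens = line.split("=", 1)[1].split()
            # "??" matches any single byte; fixed bytes are escaped as literals.
            parts = [b"." if t == "??" else re.escape(bytes([int(t, 16)])) for t in tokens]
            pattern = re.compile(b"".join(parts), re.DOTALL)
        elif line.lower().startswith("ep_only"):
            ep_only = line.split("=", 1)[1].strip().lower() == "true"
            if name and pattern is not None:
                sigs.append((name, pattern, ep_only))
            name, pattern = None, None
    return sigs


def identify_packer(ep_bytes: bytes, sigs: List[Signature]) -> List[str]:
    """Return the names of all signatures matching bytes read from the entry point."""
    hits = []
    for name, pattern, ep_only in sigs:
        # ep_only signatures must match at offset 0; others may occur anywhere in the buffer.
        if pattern.match(ep_bytes) if ep_only else pattern.search(ep_bytes):
            hits.append(name)
    return hits


if __name__ == "__main__":
    # Constructed entry-point bytes, as pefile would read them at AddressOfEntryPoint.
    ep = bytes.fromhex("60BE00A040008DBE0070FFFF5783CDFFE8000000005D909090")
    print(identify_packer(ep, parse_peid_db(SAMPLE_DB)))
```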
Cyber Security Awareness Month - Daily Topics
October is Cyber Security Awareness Month and the Internet Storm Center is going to focus on one security awareness subject per day. We plan to provide useful information for information security professionals who want to educate their users but do not have a ready set of awareness tips.
We asked for your ideas and boy did you have some good ones. To all of our readers who sent in hundreds of ideas over the past two weeks, thanks very much! It took a bit of work but I think we've got about 95% of the topic suggestions covered. Below is the list of topics by week and day that we will use them in October. As you'll see, the first week focuses on tips for getting the message out to your users. Subsequent weeks focus on specific topics.
We need your help beginning this weekend and continuing through the month of October. If you would like to submit a tip, please use our contact form and be sure to put something in the subject like "Security Tip, day 15" to make it easier for us to sort them. Keep your tips brief and to the point, and remember that the audience is the end user, not your sysadmins or netops geeks.
1. Establishing a User Awareness Training Program
1 Penetrating the "This Does Not Apply To Me" Attitude
2 Multimedia Tools, Online Training, and Useful Websites
3 Getting the Boss Involved
4 Enabling the Road Warrior
5 Social Engineering and Dumpster Diving Awareness
6 Developing and Distributing Infosec Policies
2. Best Practices
7 Host-based Firewalls and Filtering
8 Anti-Virus, Anti-Spyware, and Other Protective Software
9 Access Controls, Including Wireless, Modems, VPNs, and Physical Access
10 Authentication Mechanisms (Passwords, Tokens, Biometrics, Kerberos, NTLM, Radius)
11 File System Backups
12 Managing and Understanding Logs on the Desktop or Laptop (AV, Firewall, or System Logs)
13 Patching and Updates
3. Hardware/Software Lockdown
14 Data Encryption
15 Protecting Laptops
16 Protecting Portable Media like USB Keys, iPods, PDAs, and Mobile Phones
17 Windows XP/Vista Tips
18 Mac Tips
19 Linux Tips
20 Software Authenticity (Digital Signatures, MD5, etc.)
4. Safe Internet Use
21 Understanding Online Threats, Phishing, Fraud, Keystroke Loggers
22 Detecting and Avoiding Bots and Zombies
23 Using Browsers, SSL, Domain Names
24 Using Email, PGP, X509 Certs, Attachments
25 Using Instant Messaging and IRC
26 Safe File Swapping
27 Online Games and Virtual Worlds
5. Privacy and Protection of Intellectual Property
28 Cookies
29 Insider Threats
30 Blogging and Social Networking
31 Legal Awareness (Regulatory, Statutory, etc.)
Marcus H. Sachs
Director, SANS Internet Storm Center