Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-12-02 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Random stuff from the mailbag

Published: 2005-12-02
Last Updated: 2005-12-03 04:18:50 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)
There wasn't anything big enough to comprise a full story today, but there are lots of small items to mention:

1) Criminal groups are starting to exploit the (still unpatched) IE vulnerability.  This could get ugly soon.

2) Update: Several people have reported that a patch is now available, so patch now!...  There is a very serious bug in most Panda antivirus products that seems to still be unpatched.  This was announced several days ago.  Possible mitigation is to block .zoo attachments at your network entry points (email and web browsing).  Of course, you might be in trouble if Panda *is* your mail filtering server.

3) One person reported that Google now allows Gmail functionality to run on www.google.com.  This change caused his web filtering software company to categorize www.google.com as webmail.  And since his organization doesn't allow webmail access, users were blocked from google.  Did anybody else run into this problem?

Keywords:
0 comment(s)

NMAP + XML + PERL = Fun

Published: 2005-12-02
Last Updated: 2005-12-02 23:06:01 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)
Ever wondered what to do with the XML output of an NMAP scan?  Me too.  Until I realized that you can easily parse it with a Perl module named NMAP::Parser.  More information and an example script that will be useful to all the security gurus who code in Perl on my page here: http://handlers.sans.org/khaugsness/

Let me know if you find this useful.
Keywords:
0 comment(s)
Diary Archives