RFC2142 is a two-way street

Published: 2005-12-25
Last Updated: 2005-12-25 14:20:27 UTC
by Kevin Liston (Version: 2)
0 comment(s)

As Johannes pointed out in http://isc.sans.org/diary.php?storyid=957 RFC2142 is a pretty good RFC to follow.  It works both ways too.

For example, let's say you're running vulnerability scans against your local bank's website browsing your local bank's website and you come across what you think is a very serious vulnerability do you:

a) Jot that IP address down for later use when you need to pay off your credit card debts from the holiday season's over-indulgences.

b) Drop a friendly fact-filled note to abuse@localbank.com

or

c) Launch a media campaign to publicize the risk encouraging your readers to write letters to the Office of the Comptroller of the Currency

If one supports the idea of Responsible Disclosure the answer would be B, followed by C after an acceptable period of time.  I wouldn't recommend choice A.  Jumping straight to C is likely to annoy localbank's Incident Response team and result it happy letters from their legal departments.  Another reader points out that he feels that you should try B, and if that fails, take your business elsewhere.

Keywords:
0 comment(s)

Observations on the Family System Administrator

Published: 2005-12-25
Last Updated: 2005-12-25 01:43:36 UTC
by Kevin Liston (Version: 1)
0 comment(s)

Some observations from http://isc.sans.org/diary.php?storyid=960:

  • 8% suggested the use of a hardware router
  • 8% suggested that Linux was the answer for their parents
  • 11% thought that Macs were a safer option
  • 19% were willing to enter a lifetime support contract for their parents
  • 19% thought that their parents couldn't handle a computer
  • 25% of the submitters chose to send their suggestions anonymously

Keywords:
0 comment(s)

A couple of handy iptables tutorials

Published: 2005-12-25
Last Updated: 2005-12-25 01:03:58 UTC
by Kevin Liston (Version: 1)
0 comment(s)

Harry Hoffman submitted his intro to iptables on Linux servers: http://www.ip-solutions.net/firewall/servers.html

It's a nice little getting-started piece and it starts off with a default-deny policy-- which is one of my personal favorites.

A more advanced treatment on reactive iptables is available here: http://www.sans.org/rr/special/index.php?id=adaptive_firewalls

Keywords:
0 comment(s)

phpBB <= 2.0.17 exploit code in the wild

Published: 2005-12-25
Last Updated: 2005-12-25 00:45:05 UTC
by Kevin Liston (Version: 1)
0 comment(s)
It's an early holiday gift for phpBB admins all over the world.  Exploit code affecting phpBB version 2.0.17 and previous has been made public.  The targeted vulnerability was announced on Halloween, and updates have been available since then.

I predict we'll be seeing profile.php probes appear in your web logs right along with the awstats and xml-rpc attacks that you've been getting.
Keywords:
0 comment(s)

Comments


Diary Archives