
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-03-13



Windows Server 2003 SP2 / one new patch for XPSP2 after all

Published: 2007-03-13
Last Updated: 2007-03-14 17:04:54 UTC
by Kyle Haugsness (Version: 5)
Microsoft published Windows Server 2003 SP2 today; see http://www.microsoft.com/technet/windowsserver/sp2.mspx for details. There is also a blocker tool available that you can use if you don't want your 2003 servers to automatically update through Windows Update at this time. We at ISC recommend that you roll 2003 SP2 into your normal update cycle like any other set of patches -- test, then apply. As far as we can tell from the descriptions, this really is more of a service pack than a feature pack this time, so the number of surprises might well be smaller than was the case with SP1.

It also looks like patch 929338 for XP SP2 has been moved from the "patch only if affected" category to the general release on Windows Update this month.

Good malware reversing article from Websense

Published: 2007-03-13
Last Updated: 2007-03-13 23:07:32 UTC
by Kyle Haugsness (Version: 1)
Here is a good article from the Websense labs folks. Apparently, a large bank in Norway has been fighting a massive infection of this malware. The binary has multiple levels of advanced techniques that protect against reversing. If you want to get a peek inside some malware authors' tricks (if properly motivated and educated), then this is a good article to read.

DST Wrapup

Published: 2007-03-13
Last Updated: 2007-03-13 20:02:52 UTC
by Kyle Haugsness (Version: 1)
At the risk of continuing a dead story, we are still getting reports of DST issues and annoyances. I can summarize most of it by saying that people are still having problems and having to resort to strange solutions. I'm expecting that this is going to continue for weeks, and for some vendors that didn't get it right this time, I expect the same problem next year.

Without trying to downplay the issues that people are seeing with their server/workstation clocks being off, we haven't heard any really bad stories of SCADA system failures, medical equipment failures, avionics failures, etc. I am curious to know if this affected any "mission critical" systems that support basic life. I am guessing that we will be reading about them soon in the RISKS newsletter (catless.ncl.ac.uk/Risks).