
SANS ISC InfoSec Handlers Diary Blog



Rogue Facebook application acting like a worm

Published: 2010-06-14
Last Updated: 2010-06-14 21:54:12 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

Reader Freddie showed us a Sophos report of an application that has gone rogue by spamming your contacts once you add it to your profile. The application claims to give you access to a video named "Teacher nearly killed this boy".

Facebook users: please be careful with the links you visit and the applications you add to your profile, even if they claim to give you access to "shocking" content like this one. Always use applications that come from a trusted source, or you might unknowingly be helping future malware spread around the world.

More information at: http://www.sophos.com/blogs/gc/g/2010/06/14/teacher-killed-boy-rogue-spamming-facebook-app-large/

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name | msantand at isc dot sans dot org  


Small lot of Olympus Stylus Tough 6010 shipped with malware

Published: 2010-06-14
Last Updated: 2010-06-14 18:19:41 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

Reader Edward pointed us to an interesting link showing that a small lot of Olympus Stylus Tough 6010 cameras shipped with malware in their internal memory. More information at: http://www.sophos.com/blogs/gc/g/2010/06/08/olympus-stylus-tough-camera-carries-malware-infection/

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name | msantand at isc dot sans dot org  


Python on a microcontroller?

Published: 2010-06-14
Last Updated: 2010-06-14 08:28:27 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

I saw this interesting project that wants to create a Python virtual machine to run inside a microcontroller without an underlying OS. This could be the gateway to soon obtaining a "Python" hardware processor.

More information at: http://code.google.com/p/python-on-a-chip/

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name | msantand at isc dot sans dot org  


Metasploit 101

Published: 2010-06-14
Last Updated: 2010-06-14 07:02:05 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

Are you a security professional who needs to learn the basics of Metasploit but hasn't found a source? Darknet consulting (http://darknet-consulting.com/) has made a nice video that shows how to use it.

Download the video here: http://darknet-consulting.com/video/vector2/meta101.wmv

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name | msantand at isc dot sans dot org 

Keywords: metasploit

Another way to get protection for application-level attacks

Published: 2010-06-14
Last Updated: 2010-06-14 06:41:43 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

I am a fan of modsecurity (http://www.modsecurity.org/) as a fast and cheap way to get decent protection against application layer attacks. But, as you know, risks are increasing, and when the risk analysis performed for your organization shows that application disruptions have a big impact on the core business, it's time to strengthen controls and think about delivering protection from the code itself. I have found the PHPIDS library useful; it detects XSS, SQL injection, header injection, directory traversal, DoS and LDAP attacks. Since it works from code, you can get the output and send it to your favorite alert vault to correlate security events.

Version 0.6.4 was recently released. More information at http://php-ids.org/2010/06/06/phpids-0-6-4-is-ready/

Want to use the same functionality in Perl? Try http://search.cpan.org/dist/CGI-IDS/lib/CGI/IDS.pm. It is based on php-ids.

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name | msantand at isc dot sans dot org 
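The diary entry above describes detecting attacks from inside the application and forwarding the result to an alert store for correlation. The following is an added example of that approach, not code from PHPIDS, CGI::IDS or the diary author: the rule set, the impact scoring scheme and the event field names are constructed assumptions for illustration.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed, deliberately small rule set: (id, tag, impact, pattern).
# These are illustrative patterns, not the PHPIDS filter set.
RULES = [
    ("r1", "xss", 4, re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.I)),
    ("r2", "sqli", 5, re.compile(r"('|\")\s*(or|and)\s+[\w'\"]+\s*=|union\s+select", re.I)),
    ("r3", "traversal", 4, re.compile(r"(\.\./|\.\.\\){2,}")),
    ("r4", "header_injection", 3, re.compile(r"[\r\n]\s*[\w-]+\s*:")),
]

def normalize(value):
    """Decode URL encoding repeatedly so %253C-style double encoding is seen."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(params, threshold=4):
    """Return an alert dict for a request's parameters, or None if below threshold."""
    hits, impact = [], 0
    for name, raw in params.items():
        value = normalize(str(raw))
        for rule_id, tag, score, pattern in RULES:
            if pattern.search(value):
                hits.append({"param": name, "rule": rule_id, "tag": tag})
                impact += score
    if impact < threshold:
        return None
    return {"event": "app_ids_alert", "impact": impact,
            "tags": sorted({h["tag"] for h in hits}), "hits": hits}

def to_log_line(alert, source_ip):
    """One JSON object per line, ready for a syslog or SIEM forwarder."""
    return json.dumps({"src": source_ip, **alert}, sort_keys=True)

if __name__ == "__main__":
    # Constructed sample requests (192.0.2.10 is a documentation address).
    samples = [
        {"q": "camera reviews", "page": "2"},
        {"q": "%253Cscript%253Ealert(1)%253C/script%253E"},
        {"id": "1' OR 1=1 --", "file": "../../etc/passwd"},
    ]
    for params in samples:
        alert = inspect(params)
        print(to_log_line(alert, "192.0.2.10") if alert else "clean")
```

Summing impact per request and alerting on a threshold lets a correlator weigh several weak hits together while a single low-impact match stays quiet.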


New way of social engineering on IRC

Published: 2010-06-14
Last Updated: 2010-06-14 04:32:10 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

Many researchers have tried unsuccessfully to use artificial intelligence (AI) to program bots to interact with humans and gather information, because the human party detects the bot very soon and drops the conversation. Well, there is now a man-in-the-middle bot that relays messages between two people to avoid detection by the parties involved in the conversations. It also detects the gender of the people involved in the conversation and alters the messages accordingly. Pretty cool stuff.

Want to read the paper? Check the following document: http://seclab.tuwien.ac.at/papers/autosoc-leet2010.pdf

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name | msantand at isc dot sans dot org 
