Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IPv6 Day Summary

Published: 2011-06-09
Last Updated: 2011-06-09 23:02:06 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

I just had a change to skip through our IPv6 logs from yesterday. There was a significant, but not huge increase in hosts accessing the site via IPv6. Usually we get maybe 200 or so hosts via IPv6, yesterday we got around 270.

Interestingly about 25% of the traffic (per IPv6 day as well as during IPv6 day) is due to hits to our rss feed. I will try to follow up on this to see why we get so much IPv6 traffic to it.

After an initial look at the logs, I didn't see any attacks via IPv6 against our web application.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: ipv6
1 comment(s)

One Browser to Rule them All?

Published: 2011-06-09
Last Updated: 2011-06-09 19:24:43 UTC
by Richard Porter (Version: 1)
9 comment(s)

A reader emailed in with the question, in short, which is currently the most secure browser and how to stay up to date on the different browsers. In the interest of Chrome having an update today it seems fitting to post the answer as a Diary.

Before the browser war ignites, let me be the first to say in my opinion "It Depends." Chrome [1] is regarded as a very safe and secure browser but when you get to the number of lines of code in any browser architecture it is hard to say [3]. There has been some great research on lines of code in different systems [4] and when you get to that level of complexity errors are bound to occur. There are several different thoughts and many books on this subject but what I am getting at here is complexity and trust. At some point you have to trust the development team that wrote the code for the browser, what operating system you are running and how you have deployed your browser.

Second, the browser, or the technology is only part of the matter. You still have Phishing and the human factor. Even on the most secure platform the user can be tricked. [4]

Another commonly accepted deployment strategy is Firefox with add on components of No-Script and Adblock. Research into your specific deployment scenario and resources is the key to identifying what works in your environment. Infoworld had a great article on securing different browser types [5], it is a little old but still relevant.

The pwn2Own contests held at some of the CanSec conferences can lead to some good reading on this subject. [2]

In the end, a huge browser war will ignite over which is the most secure but as organic as feature and code has become it is arguable that the best way to secure your environment is layers of defense but finally check out the SANS reading room for papers on the subject. Specifically refer to a paper written by one of SANS GIAC Students [6].

And to our Reader who wrote in, stand by for the heavy opinions on the subject. To our readers, please comment on your experiences or how you stay current.

[1] http://www.google.com/chrome/
[2] http://en.wikipedia.org/wiki/Pwn2Own
[3] http://www.ohloh.net/p/chrome/analyses/latest
[4] http://www.securingthehuman.org/
[5] http://www.infoworld.com/d/security-central/test-center-how-secure-firefox-282
[6] http://www.sans.org/reading_room/whitepapers/bestprac/preventing-incidents-hardened-web-browser_33244

Richard Porter

--- ISC Handler on Duty

Twitter: Packetalien

Email richard at isc dot sans dot edu

9 comment(s)

Chrome Version 12.0.742.91 Released

Published: 2011-06-09
Last Updated: 2011-06-09 15:19:48 UTC
by Richard Porter (Version: 1)
0 comment(s)

If you have not seen, Chrome has been updated to version 12.0.742.91 [1] and with this release brings some nice updates. You can check the official blog post by Google [2] for a long list of enhancements and security fixes. Of particular interest are the safe browsing enhancements [3]. Chrome has added some malicious file detection. Not sure if this is in response to the exploit claim that was made some months back but one could speculate [4]. If you are running Chrome it is advised that you update when it becomes available.

 

[1] http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html

[2] http://chrome.blogspot.com/2011/06/chrome-12-safer-and-snazzier.html

[3] http://www.google.com/chrome/intl/en/more/security.html

[4] http://isc.sans.org/diary.html?storyid=10852

 

Richard Porter

--- ISC Handler on Duty

0 comment(s)
Diary Archives