Handler Mailbag

Published: 2008-10-01
Last Updated: 2008-10-01 21:47:05 UTC
by Rick Wanner (Version: 1)

Just a few items that came in through the Handler's mailbox today:

TCP Vulnerabilities

A few readers sent in some more information on the TCP vulnerabilities that have been the talk around the water cooler for the last week or so. First, a webcast of the Dutch researchers is available at http://debeveiligingsupdate.nl/audio/bevupd_0003.mp3 ; the first part is in Dutch, but shortly after the 5 minute mark the conversation switches to English.

Secondly, a Search Security article provides some more details here.

I haven't had time to dig into this in detail, but it seems that a relatively small number of packets are capable of DoSing most TCP/IP stacks. Some sources are making this sound like the Internet's perfect storm; others are writing it off as FUD. I will leave it up to you to make your own decision, but I expect it is closer to the latter.


YAUH!

Reader Frank forwarded an article about a hack at the University of Indianapolis that compromised 11,000 Social Security numbers. This in itself is nothing new. Universities, by the nature of their culture, have had relatively open networks, and it seems the bad guys have been increasingly turning their attention in that direction. But a quote in the article upset Frank: ..."it was well beyond our control". Now I can't speak about the University of Indianapolis; they may very well have excellent security, and this hack may have been carried out by world-class hackers. But what this hack highlights for me is that the days when universities could have a wide open network are long gone. Enlightened universities have started realizing that they need to understand which data needs to be protected and to separate the important data from the rest of the network with adequate security controls such as network segregation, firewalls, and encryption. If you are interested, the article is here.


Christmas in October!

Frequent contributor Roseman pointed out the release of updates to the free Sysinternals tools. For those of you who regularly use the Sysinternals tools to debug and understand Windows, you will understand when I say this is like an early Christmas. For those of you who are not yet enlightened about Sysinternals...you should take a look.

The major change is an update to Process Monitor, which..."adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring."

The blog post with some basic release notes is available here.

Sysinternals tools can be downloaded from here.


-- Rick Wanner

rwanner at isc dot sans dot org
