Corrected: From the mailbag
Since today has been a pretty quiet day, I looked back through my mailbox at a few items that we haven't mentioned in recent diaries.

Defeating XP SP2 Heap Protection

There was some discussion earlier this week on several mailing lists about a new paper that describes a technique for evading one of the new buffer-overflow defenses introduced with SP2.

New SquirrelMail release

A new version of SquirrelMail has been released, fixing a couple of vulnerabilities in the popular webmail package.

Still no MS05-002 patch for Win98 (vulnerable to Hebolani?)

The MS05-002 bulletin said that patches for Win98, Win98SE, and WinME would follow at a later date. One of our readers, Erik, has reported that they do not appear to have been released yet.

Port 6346 on the rise

Looking at the trends page and the port details, there seems to be a big jump in traffic on this port. We haven't heard of anything new attacking on this port, but given that this port is primarily used for P2P filesharing (a favorite target of bots and worms), we'll be keeping our eye on this one.


Jim Clausing, jclausing/at/isc.sans.org


ISC Handler
Jan 31st 2005
