sans internet storm center

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

MSNBC Turkish site caught serving malware

Websense is reporting that MSNBC's Turkish site was caught in a mass defacement hacker attack that redirected readers to exploit servers hosted in China. From a Websense alert: At the time of this writing, the site was infected with malicious code designed to infect the...

Tags: Websense Inc., Malware, MSNBC, Site, SANS Internet Storm Center, Scripting Languages, Security, Viruses And Worms, Software/Web Development, Web Development, Ryan Naraine

Blog posts 2007-11-07

Additional Resources

Microsoft WINS vulnerability under attack

Just one week after Microsoft issued a fix for a worm hole in the Windows Internet Name Service WINS, malicious hackers have started launching attacks against unpatched systems. The attacks, first spotted by the SANS Internet Storm Center, are hitting Microsoft Windows users who have not yet...

Tags: Vulnerability, WINS, Microsoft Corp., Attack, Security, Ryan Naraine

Blog posts 2009-08-19

Password-reset flaw haunts WordPress admins

Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress of...

Tags: Administrator, Flaw, Wordpress, Security, Open Source, Ryan Naraine

Blog posts 2009-08-11

One-year-old (unpatched) Windows 'token kidnapping' under attack

Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supporting version of Windows (including Vista and Windows Server 2008), the issue remains unpatched and now comes word that there are in-the-wild exploits circulating. The vulnerability, called token kidnapping (.pdf), was...

Tags: Attacker, Server, Microsoft Corp., Attack, Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Blog posts 2009-03-16

Rigged PDFs exploiting just-patched Adobe Reader flaw

Just three days after Adobe shipped a patch with fixes for a critical Adobe Reader vulnerability, hackers are using booby-trapped PDF files to fire exploits against Windows users. [ SEE: Heads up: Patch your Adobe Reader now ] The in-the-wild attacks, first spotted by...

Tags: Adobe Systems Inc., Adobe PDF, Flaw, Adobe Acrobat Reader, Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Blog posts 2008-11-07

McAfee SiteAdvisor blocks SANS

Showing you just how much they understand about security, McAfee blocked the SANS website, sans.org, as well as giac.org and sans.edu, with their SiteAdvisor application, listing it as a "bad" site. Interestingly enough, SANS sites are some of the best sites to go to for security related...

Tags: McAfee Inc., McAfee SiteAdvisor, Web Site, Web Site Development, Web Technology, Security, Internet, Nathan McFeters

Blog posts 2008-07-30

How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability

The short answer is being paranoid about tackling a known vulnerability. It's 2001, and Daniel J. Bernstein DJB, author of the then popular djbdns security-aware DNS implementation, is applying basic math principles to raise awareness on what's to turn into the "sky is falling" critical Internet vulnerability in 2008, in...

Tags: DNS, Vulnerability, Anomaly, Attack, OpenDNS, MaraDNS, NSS, Domain Names, Networking, Internet, Dancho Danchev

Blog posts 2008-07-25

Researchers borrow from Google PageRank for network defense service

Using a link analysis algorithm similar to Google PageRank, researchers at the SANS Institute and SRI International have created a new Internet network defense service that completely revamps the way network blacklists are formulated and distributed. The service, called Highly Predictive Blacklisting (.pdf), will be unveiled next...

Tags: Google PageRank, Attacker, Network, DShield, Highly Predictive Blacklist, Internet, Networking, Security, Ryan Naraine

Blog posts 2008-07-23

Do Congressmen's charges of Chinese hacking hold water?

InfoWorld notes that the congressmen who claimed China hacked their computers probably have scant evidence of the charges. "It's so very hard to conclude that something came from someplace if all you're going from is an IP address," said Marcus Sachs, director of the SANS Internet Storm...

Tags: Hacking, Evidence, Charge, Computer, Productivity, Internet, Keyboards, Security, Hardware, Peripherals, Richard Koman

Blog posts 2008-06-13

DHS mailing list melts down due to config error

The Department of Homeland Security created a nice little mini-version of a distributed denial of service attack, due a simple list config error on its Open Source Intelligence Report, The SANS Internet Storm Center reports. a reader replied to the list address with a request for a change and...

Tags: Mailing List, U.S. Department Of Homeland Security, E-mail, Online Communications, ZDNet Government

Blog posts 2007-10-05

Security expert: Skype's explanation for outage is "line of bull"- do you agree?

Some security experts are not entirely buying into Skype's explanations of what caused the nearly two-day sign-in outage.Writing on the SANS Internet Storm Center site, John Bambanek initially commented in part:Skype is apparently fully functional and has released an explanation of the problem that attributes the failure to Patch Tuesday. ...

Tags: Security, Skype Technologies S.A., Outage, Russell Shaw

Blog posts 2007-08-21

What's the 6th worst job in science?

The sixth worst job in science in 2007 is the Microsoft security grunt. Right between the "coursework carcass preparer" and the "gravity research project."PopSci.com explains why the vulnerability triage folks at Redmond makes its top ten list of the worst jobs in science this year:Do you flinch when...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Responsible disclosure, Privacy, Pen testing, Patch Watch, Passwords, Microsoft, Hackers, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-06-25

Windows DNS Server code execution hole under attack

An zero-day vulnerability in the DNS server service in Windows is under attack, Microsoft warned in a security advisory.The "limited attacks" are exploiting a stack overflow error in the Windows Domain Name System DNS Servers RPC interface implementation when processing malformed requests sent to a port between 1024 and 5000.The...

Tags: Zero-day attacks, Vulnerability research, Pen testing, Browsers, Windows Vista, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Patch Watch, Open source, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Botnets

Blog posts 2007-04-13

Microsoft knew of Windows .ANI flaw since December 2006

A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks.According to Alexander Sotirov, chief reverse engineer at Determina, his research team discovered and reported the flaw to...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Uncategorized, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-03-30

Report: Windows has fewest security holes

Report: Windows has fewest security holesBut Redhat and Apple won't be hijacked into zombiesviruses and exploits may past through their systems onto Window users, but the vulnerabilities they suffer few and far between have no mass attack ability in their installed and networked bases. So even if the turnaround...

Tags: Operating systems, Viruses and worms, Microsoft Windows, security hole, fewest security hole, security, Microsoft Corp., Linux

Discussion threads 2007-03-23

Code posted for Solaris remote root exploit

An anonymous hacker has posted instructions on how to launch attacks against a remote root exploit in the Solaris 10/11 telnet daemon.The exploit, published at Full Disclosure and Milw0rm, exposes a zero-day hole affecting the free and open-source operating system. There are no patches available.The SANS ISC (Internet Storm...

Tags: Patch Watch, Hackers, Zero-day attacks, Vulnerability research, Responsible disclosure, Exploit code, Open source, telnet daemon, daemon, Telnet

Blog posts 2007-02-11

Uptick in Windows attacks reported

Uptick in Windows attacks reportedYes, The Ever-Intelligent Microsoft SolutionScrap the hard drive and spend hours upon hours rebuilding your system.Thank goodness you don't have to do that in Linux.Usually there is a great silence before the storm hits .It's time to gear up and get ready because the worst is...

Tags: Operating systems, Cyberthreats, SECURITY, UNIX, Microsoft Windows, attack, operating system, Windows attack, infector, worm, Microsoft Corp., uptick, Linux

Discussion threads 2006-08-31

Zero-day PoCs on the loose for Mac

Several unpatched exploits in Apple's Mac OS X were reported last Friday by Joris Evers, but SANS Internet Storm Center is also reporting that PoC (Proof-of-Concept) code was also posted along with details of the flaw. These sample exploits are capable of carrying out denial-of-service attacks or remote code...

Tags: PoC, exploit

Blog posts 2006-04-24

Setting the record straight on the WMF vulnerability

Setting the record straight on the WMF vulnerabilityUS-CERT on vulnerabilities by OSand Windows is not number one.http://blogs.zdnet.com/Spyware/?p=736I think PJ examined this list on Groklaw.http://www.groklaw.net/article.php?story=20051231142317870SANS has an unofficial patchThe SANS Internet Storm Center (isc.sans.org) has an unofficial patch for this vulnerability. Scroll down the page to the "WMF FAQ"...

Tags: Operating systems, Microsoft Windows, Microsoft Windows Metafile, Unix, WMF vulnerability

Discussion threads 2005-12-30

Condition Yellow

Heads up. The SANS Internet Storm Center has posted a condition yellow because:The Infocon status is now yellow, due to the MSDDS.DLL exploit now available. We moved to Yellow as we feel widespread malicious use of this vulnerability is imminent, and the workarounds shown here provide sufficient countermeasures to be...

Tags: Yellow

Blog posts 2005-08-19