vrt rules
We are the Sourcefire Vulnerability Research Team. We are legion. Resistance is futile.
Increase in attacks on CVE-2010-1885
Microsoft is warning that there has been an increase of attacks against a zero-day vulnerability in Microsoft Help and Support Center. The vulnerability is due to an error when using invalid hexadecimal characters in the search topic parameter of a URI. It can be used to bypass restrictions normally imposed by a command-line argument to load arbitrary help documents. Proof-of-concept code has
Yes, Virginia, There is Cyberwar
DEAR EDITOR:
I have been in security for 8 years. Some of my friends say there is no such thing as cyberwar. My manager says, "If you see it on the VRT Blog then it's so." Please tell me the truth; is there cyberwar?
Virginia O'Hanlon.
115 West Ninety-Fifth Street.
Virginia,
Your friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except
IMPORTANT Rule Download Change
Today the Snort Web Team made a change to the way that Snort rules are downloaded from snort.org. Hopefully this will result in faster downloads for most people. The changes are highlighted below: We are changing the way we publish rules. In June 2010 we stopped offering rules in the "snortrules-snapshot-CURRENT" format. Instead, rules are released for specific versions of Snort. You will be
Smart Grids and the Importance of Smart Security Choices
I got a flyer in my mail a couple of days ago, telling me that my local utility company would be coming out soon to install a smart meter on my house. Like most customers, I didn't think too much about it, until the new meter was installed today. That's when my curiosity got the better of me - even though I arrived home after dark, I had to go take a look at the shiny new toy on the side of my
ClamAV for Windows
Recently, we released the only official Windows-specific version of ClamAV, appropriately called ClamAV for Windows (http://www.clamav.net/lang/en/about/win32/). It is designed to use little memory and processing power because it uses an advanced cloud-based protection mechanism; best of all, it's free (as in free beer. Ummm...beeeeer). If you haven't tried it yet, I really encourage you to. You
Defenders of the Faith
Quite recently, Tavis Ormandy released a 0-day vulnerability in a prominent piece of software. For this transgression, both he and his employer received a good deal of bad press. Sadly, very few in the professional security researcher crowd made enough noise about this, and to the contrary, one man in particular came down squarely against him. Thankfully, however, we still have Brad Spengler.
Rule Release for Today - June 17th, 2010
As a result of ongoing research, the Sourcefire VRT has added multiple rules in the dos, exploit, ftp, mysql, policy, rpc, specific-threats, spyware-put, web-activex, web-client, web-misc and web-php rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-06
National Cyber-Security Emergency and Phenomenal Cosmic Power or Lieberman -- EARN IT
So…you’re at the bar and across the room you see this incredible [insert whatever floats your boat here]. You spend an inappropriate amount of your time watching this person and your mind starts to fill in the details that the dark environment masks. Then they turn around, walk towards the bar and (finally!) walk into enough light that you can see what they look like. Your first thought…”KILL IT
Sourcefire VRT Expansion Plans (We are Hiring)
One of the hardest things in life is finding the right place to work, where you can spend eight to ten hours a day doing something you enjoy and also pay your bills. I’ve been lucky enough in my life to find this type of place three times: HiverWorld, Farm9, and Sourcefire. Each one of these places had a number of attributes that made it appealing to me, and made it where I wanted to spend the
Rule Release for Today, June 10th, 2010
Microsoft Help and Support Center Bypass Vulnerability: Microsoft Help and Support Center contains a programming error that may allow a remote attacker to bypass security restrictions on an affected system. The error occurs when invalid hex-encoded characters are used as a parameter to a search query using the hcp:// URI scheme. Changelogs here: http://www.snort.org/vrt/advisories/2010/06/10/
Rule Release for today - June 8th, 2010
Here we are again, Microsoft Tuesday for June 2010. A number of issues this month and rules to provide coverage for attack detection. Main advisory numbers for IDS/IPS coverage are MS10-033, MS10-034, MS10-035, MS10-038, MS10-039 and MS10-041. Check out the advisory and changelog here: http://www.snort.org/vrt/advisories/2010/06/08/vrt-rules-2010-06-08.html/
Single Threaded Data Processing Pipelines and the Intel Architecture
Or, No Performance for you, go home now. Today's blog post is a guest appearance by our Benevolent Dictator and Glorious Leader, Marty Roesch. We asked Marty for his thoughts on threading, performance and processing network data. Here's what we got: Executive Summary: Performance of processes on current- and next-generation Intel CPUs is closely tied to proper cache utilization. Claims being made