IPv6 Focus Month at the Internet Storm Center

Published: 2013-03-01
Last Updated: 2013-03-01 18:28:35 UTC
by Jim Clausing (Version: 1)

As Johannes posted about at the end of January, we're going to focus on IPv6 during the month of March.  It probably won't be quite like our Cybersecurity Awareness Month posts in October, but we do want to look at the security issues and implications of IPv6.  We are still open to suggestions for topics or guest diaries, so feel free to send them to us in e-mail or reach out via the contact page.  To kick things off, I figured it would be worthwhile to point you to the diaries that we have done in the past with respect to IPv6; Johannes, Guy, and I have each written on the subject more than once.  We also have some IPv6 videos, the 6to4 conversion tool, and the IPv6 tcpdump cheatsheet (though the first page doesn't seem to display all that well in the new HTML5 PDF viewer in Firefox 19, at least not for me).


References:

https://isc.sans.edu/diary/IPv6+Focus+Month/15049

https://isc.sans.edu/tag.html?tag=ipv6

https://isc.sans.edu/ipv6videos/

https://isc.sans.edu/tools/ipv6.html

https://isc.sans.edu/presentations/ipv6.pdf

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: IPv6

And the Java 0-days just keep on coming

Published: 2013-03-01
Last Updated: 2013-03-01 16:36:19 UTC
by Jim Clausing (Version: 1)

The bad guys certainly seem to be picking on Oracle in the last month or two.  The folks over at FireEye have posted some info about another 0-day affecting Java that is being exploited in the wild.  This one hits even the latest versions of Java, 6u41 and 7u15.  From the writeup, it seems the exploit is currently not always successful, but when it is, it drops a remote access trojan on the system and connects back to an HTTP command and control server.  I haven't had a chance to actually look at the malware yet, so go read the FireEye writeup for the indicators of compromise to look for in your network.  Simultaneously, Adam Gowdiak has also informed Oracle of 2 different exploitable vulnerabilities (though at least one of his only affects 7u15, not 6u41), though those exploits are apparently not being used in the wild at the moment.  In the meantime, all our previous advice still applies.  If you don't need Java, don't install it/remove it.  If you do need it, only enable it when you need it and/or run it inside another sandbox (SandboxIE, a sacrificial VM).

References:

http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

http://www.zdnet.com/oracle-investigating-after-two-more-java-7-zero-day-flaws-found-7000011965/

https://isc.sans.edu/diary/When+Disabling+IE6+%28or+Java%2C+or+whatever%29+is+not+an+Option.../14947

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: java
ISC StormCast for Friday, March 1st 2013 http://isc.sans.edu/podcastdetail.html?id=3157
