Categories

About

Archives

Add me to your TypePad People list
Subscribe to this blog's feed

Recent Posts

September 2003

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        

September 12, 2003

DCOM/RPC Vulnerabilities FAQ v4

Thanks to Russ Cooper and the people behind NTBugTraq here is the DCOM/RPC Vulnerabilities FAQ v4

It will help you disable DCOM on various OS's and also talk about the various RPC vulnerabilities.

01:36 PM in Viruses, Trojans, Worms & OS Vulnerabilities | | Comments (0) | TrackBack (0)

September 11, 2003

Scanning for RPCSS Vulnerability

This is from Marc Maiffret Chief Hacking Officer at eEye Digital Security

The way that Microsoft patched the new RPC Part II vulnerability actually breaks most scanning tools looking for the first flaw.

That is to say that if your company is using a scanning tool looking for MS03-026 and you have installed MS03-039 then your MS03-039 systems will be flagged as vulnerable, when they obviously are not.

Since we actually found the flaw we were able to update Retina and our free scanning tool to correctly identify this new vulnerability, and old, without getting false positives. Again, last time I checked ISS, Foundstone, and a couple free tools (MS's old version), will incorrectly identify systems as vulnerable to the old flaw, with this new patch installed.

Retina 4.9.126 and our free RPC scanner Version 1.1.0 have the correct checks that the rest of the scanners are going to need to "model themselves" after in order to accurately detect these RPC flaws. Again the free RPC scanner tool, with latest RPC check, can be downloaded from:

http://www.eeye.com/html/Research/Tools/RPCDCOM.html

07:20 AM in Vulnerability Assessments/Pen Testing | | Comments (0) | TrackBack (0)

New buffer overlow in MS RPCSS Service (MS03-39)

Microsoft Security Bulletin MS03-039

Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Originally posted: September 10, 2003

Impact of vulnerability: Three new vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user’s system.

Maximum Severity Rating: Critical

Recommendation: System administrators should apply the security patch immediately

Download the patch

This patch supercedes patch MS03-26 which was for the MSBlaster worm. This means you only need to install MS03-39.

You can bet their is another worm or virus on the way that will take advantage of this new exploit.

Recommendations, to get ahead and avoid another problem like MSBlaster :

Get a Firewall (Hardware, software)
Patch your MS Windows systems and keep them patched
Install Anti-virus software and keep it up to date

Make sure if you have any remote clients or customers entering into your internal network they are patched as well.

07:08 AM in Viruses, Trojans, Worms & OS Vulnerabilities | | Comments (4) | TrackBack (0)

September 10, 2003

California gets new privacy law

California has just passed a new privacy law that can be termed the Opt-in list instead of the familiar Opt-out that many of you have been hearing about. See the full story

07:01 AM in Identity Theft | | Comments (0) | TrackBack (0)

Identity Theft

Stats say that Id Theft hits 10 million Americans a year (The Register).

A staggering 27.3 million Americans have been victims of identity theft in the last five years, according to Federal Trade Commission survey out this week. In the last year alone, 9.9 million people have had their identity purloined.

I give talks on Id Theft for various service organizations maybe I should release ebook on how to avoid ID Theft on the internet?

06:44 AM in Identity Theft | | Comments (0) | TrackBack (0)

»