Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog



Malformed OLE and Windows Explorer

Published: 2007-03-09
Last Updated: 2007-03-09 20:29:08 UTC
by Tom Liston (Version: 1)
US CERT recently published some information on a vulnerability in Windows Explorer triggered by specifically malformed OLE objects. Based on currently available information, this appears to be a relatively low-level DoS threat, without a code execution capability.

We've added this to our listing of "open issues" in MS products found here.

Brazilian Tax Season

Published: 2007-03-09
Last Updated: 2007-03-09 19:12:52 UTC
by Tom Liston (Version: 1)
Just some words of warning that we're passing along from one of our friends south of the equator: It's "IRS season" in Brazil.

With the tax season deadline of April 30th approaching, any emails that you receive with "imposto de renda", "receita federal", or requests for your CPF (Brazilian SSN) are more than likely malware.

FYI, the real URLs for the Brazilian "IRS" are:

http://www.receita.fazenda.gov.br/
http://www.receita.fazenda.gov.br/PessoaFisica/Declara2007Informa1.htm

The same warning applies to US residents: be VERY wary of any email claiming to be from the IRS.  Never, EVER send any personal financial information in email.  Never, EVER trust a link in an email that claims to be from the IRS or a financial institution.  (The upshot is this: If you're going to be careless with your life savings, then let's expedite the process-- simply bundle all of the nice engraved pictures of presidents that you have in your wallet carefully together and send them to me for safekeeping... let me know when you need 'em back...)

Could it be Vista?

Published: 2007-03-09
Last Updated: 2007-03-09 19:10:39 UTC
by Tom Liston (Version: 1)
While the official Microsoft PR folks are denying the rumor, an unnamed source inside the software giant has indicated that Redmond's failure to publish updates in March may be caused by issues with Vista.  "Every time we try to push the updates, it keeps popping up these really beautiful, semi-transparent, shiny windows that say 'I'm sorry Dave, I'm afraid I can't do that.'," said our source. "We have no idea why it won't let us push the updates, and we don't know who 'Dave' is.  It's kind of annoying, but incredibly pretty."

[It's a joke... Lighten up and don't send me hate mail...  -TL]

Times... they are a'changin...

Published: 2007-03-09
Last Updated: 2007-03-09 18:53:18 UTC
by Tom Liston (Version: 1)
We have some additional, new DST issue "stuff" coming out of Sun and IBM:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102836-1

This documents an incompatibility issue with Olson TZ Data and Sun's JDK/JREs as follows:
  • JDK and JRE v1.4.2_12 and above
  • JDK and JRE 5.0u8 and above
  • JDK and JRE 6 and above

IBM is highlighting some problems that arise under the newly patched JRE/JDKs it supplied when an app uses a three-letter TZ name (like EST, CST, MST, etc...) rather than a full-length designator (like "America/New_York").  Details can be found here.