Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-09-14



Free time?

Published: 2005-09-14
Last Updated: 2005-09-14 23:48:47 UTC
by Kyle Haugsness (Version: 1)
Since Microsoft gave us a free month, how are you spending all your newly-found free time?  I'm specifically interested in readers that are custom-coding solutions to security or system administration problems.  Got any C/Perl/Python code that you want to share?  You coders don't get enough credit here, so let's hear from you.

For example, last year I looked for a solution to monitor the changes to a Windows file share.  I needed a report at the end of the day showing new files, deleted files, etc.  This would allow me to detect security policy violations in an automated fashion.  I couldn't find anything free or commercial to do it, so I rolled my own in Python and SQLite (a light-weight database engine).  Interestingly, I discussed my project with several Windows system admins and none had ever thought about monitoring a file server in this manner.

Be sure to include whether you would allow us to reprint the code or description of the code on the site.
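
The end-of-day report of new and deleted files described in the diary entry above can be built from directory snapshots stored in SQLite. This is an added example, not the handler's own code; the function names `snapshot` and `report`, the table layout, and the temporary directory standing in for the file share are assumptions.

```python
import os
import sqlite3
import tempfile

SCHEMA = """
CREATE TABLE IF NOT EXISTS runs (id INTEGER PRIMARY KEY, taken TEXT DEFAULT CURRENT_TIMESTAMP);
CREATE TABLE IF NOT EXISTS files (run INTEGER, path TEXT, size INTEGER, mtime INTEGER,
                                  PRIMARY KEY (run, path));
"""

def snapshot(conn, root):
    """Record every file under root as a new run; return the run id."""
    conn.executescript(SCHEMA)
    run = conn.execute("INSERT INTO runs DEFAULT VALUES").lastrowid
    rows = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # file vanished or is unreadable mid-walk; skip it
            rows.append((run, os.path.relpath(full, root), st.st_size, st.st_mtime_ns))
    conn.executemany("INSERT INTO files VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return run

def report(conn, old, new):
    """Compare two runs; return sorted lists of new, deleted and modified paths."""
    def q(sql):
        return [r[0] for r in conn.execute(sql, {"old": old, "new": new})]
    added = q("SELECT path FROM files WHERE run = :new AND path NOT IN "
              "(SELECT path FROM files WHERE run = :old) ORDER BY path")
    deleted = q("SELECT path FROM files WHERE run = :old AND path NOT IN "
                "(SELECT path FROM files WHERE run = :new) ORDER BY path")
    modified = q("SELECT n.path FROM files n JOIN files o ON o.path = n.path "
                 "WHERE n.run = :new AND o.run = :old "
                 "AND (n.size != o.size OR n.mtime != o.mtime) ORDER BY n.path")
    return {"new": added, "deleted": deleted, "modified": modified}

if __name__ == "__main__":
    # Constructed stand-in for the share; point snapshot() at the real path in practice.
    with tempfile.TemporaryDirectory() as share:
        conn = sqlite3.connect(":memory:")
        open(os.path.join(share, "policy.doc"), "w").close()
        first = snapshot(conn, share)
        open(os.path.join(share, "setup.exe"), "w").close()
        second = snapshot(conn, share)
        print(report(conn, first, second))
```

Run once a day against a database file on disk, the comparison of the two most recent runs gives the daily report; the modified list relies on size and modification time, so a file rewritten with both preserved would need a content hash to be noticed.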


Microsoft Windows Update Errors

Published: 2005-09-14
Last Updated: 2005-09-14 18:35:03 UTC
by Kyle Haugsness (Version: 3)

Two of our handlers noticed some weirdness with Microsoft update.  See the image.



Update (handler Kyle Haugsness):  Several people have responded with proposed fixes.  Unfortunately, they are all different.  The suggestions are diverse: disable all anti-virus (especially Norton and McAfee), re-install Internet Explorer, delete the Internet Explorer cache, re-install XP service pack 2, flush the DNS cache, and log in as local administrator.

So the moral of this story is: several people seem to be having the problem occasionally and if this is affecting you, good luck in figuring out the right approach.  This one seems to have no consistent cause or solution.


Multiple Linksys WRT54G Vulnerabilities

Published: 2005-09-14
Last Updated: 2005-09-14 16:43:02 UTC
by Kyle Haugsness (Version: 1)
iDefense has published five vulnerabilities in the Linksys WRT54G wireless access point/switch/router.  Some of these vulnerabilities are very serious.  Users of these products are strongly advised to patch their devices.  Patches for the latest versions are available at http://www.linksys.com.

The iDefense advisories are here:
iDefense advisory 304
iDefense advisory 305
iDefense advisory 306
iDefense advisory 307
iDefense advisory 308


MacOS X Java patches

Published: 2005-09-14
Last Updated: 2005-09-14 03:44:26 UTC
by Scott Fendley (Version: 2)
Apple Computers earlier today released patches for MacOS X versions 10.4.2 and 10.3.9.  These security patches update Java installed on the computer to protect against certain vulnerabilities that could allow attackers to bypass security restrictions, disclose sensitive information, or elevate system privileges.  More information is available at http://www.frsirt.com/english/advisories/2005/1734 or from Apple Information Article 302265. The FrSIRT advisory enumerates 5 vulnerabilities, revolving around race conditions and some vaguely defined applet issues. Not many details are available at this point from either site.

The downloads are available at Apple Support Download.

Scott Fendley, Handler on Duty
