Last Updated: 2007-06-23 15:29:36 UTC
by Kyle Haugsness (Version: 1)
The Symantec folks identified a website exploiting a bug from this months Microsoft patches, specifically the Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerability. Here is the URL to their blog entry:
Apparently, the actual exploit is similar to the proof of concept code posted on a popular exploit site ten days ago.
Last Updated: 2007-06-23 13:41:50 UTC
by Marcus Sachs (Version: 1)
Yesterday we published a diary about blocking active code in banner ads. Adrian wrote to us to provide additional information on some of the tools he uses.
Adblock plus is a blocklisting mechanism. It is useful for blocking images and all sorts of ads, when you know exactly what the URLs for those are, or you can make a reasonable wildcard for, but in the end it won't catch everything, and most importantly, it won't catch everything THE FIRST TIME. You have to know it to block it, and that means loading it at least once.
NoScript + AdBlock plus +adblock filter subscriptions (i.e. self-updating) are a great way of filtering junk that's out there, and are working great as a team.
Other filters to consider:
ABP Tracking filter
RO List (for filtering ads on Romanian sites)
Jamie Plucinski's filter list
Marcus H. Sachs
Director, SANS Internet Storm Center