Internet Explorer 9 "Platform Preview" Now Available From Microsoft
Microsoft released a "Platform Preview" version of the next version of Internet Explorer. You can download it from http://ie.microsoft.com/testdrive/Default.html. There are several security implications of this release:
- Security professionals may be interested in exploring what security features and enhancements (if any) are built into Internet Explorer 9
- Attackers may be interested in exploring what vulnerabilities (if any) exist in the code added to Internet Explorer 9
- Attackers may start using the lure of installing Internet Explorer 9 as part of phishing and drive-by campaigns
Regarding point #3... At the moment, searching for "Internet Explorer 9" doesn't provide many links that look malicious. I suspect this will change as malicious sites using Search Engine Optimization (SEO) techniques will spring into action to take advantage of people's interest in the new browser.
Have you had a chance to look at Internet Explorer 9? Let us know your security-related observations.
-- Lenny
Lenny Zeltser - Security Consulting
Lenny teaches malware analysis at SANS Institute. You can find him on Twitter.
Trouble Ticket Express Exploit in the Wild a Day After the Vulnerability Announcement
The time between the announcement of a vulnerability and seeing the exploit in the wild is short, especially if the announcement includes proof-of-concept code. A day ago, a proof-of-concept exploit in Trouble Ticket Express help desk software was made public. Just a day later, ISC reader Ben saw the exploit in the wild:
64.15.159.171 - - [15/Mar/2010:18:42:23 -0700] "GET /ttx.cgi?cmd=file&fn=%7C%65%63%68%6F%20%2D%6E%20%62%75%66%75%77%75%7A%68%65%72%3B%65%63%68%6F%20%65%7C HTTP/1.1" 403 960 "-" "Plesk"
The decoded version of this particular URI is:
/ttx.cgi?cmd=file&fn=|echo%20-n%20bufuwuzher;echo%20e|
The targeted vulnerability in the application could allow the attacker to execute arbitrary code on the system.
If you are running Trouble Ticket Express version 3.01 or lower, update the program's File Module or disable access to the TTXFile.pm module on your server.
-- Lenny
Lenny Zeltser - Security Consulting
Lenny teaches malware analysis at SANS Institute. You can find him on Twitter.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago