DNSSEC...not a bang but a whimper?

Published: 2010-05-04
Last Updated: 2010-05-05 19:07:08 UTC
by Rick Wanner (Version: 2)
3 comment(s)

Tonight is the night that DNSSEC is enabled between the DNS root servers. I am not going to go into detail since the good people at the other ISC have already done a wonderful job of that in their posting.

Lots of the usual hype in the usual places, including The Register, Slashdot, etc. The fact is that this really only affects the way your ISPs talk DNS to the root servers. I suspect most users are using their ISP's DNS servers, which will continue to talk to their customers the old way. It may cause problems for some users who are hosting their own DNS servers behind antiquated firewalls, but for the most part this will be a non-event.

What I find interesting is that, using the resolver test at RIPE, my OpenDNS-provided resolvers fail.

Hopefully that will be fixed before the big event.

Update: OpenDNS responded to my query with a pointer to a forum article. It seems they are just fine.

-- Rick Wanner - rwanner at isc dot sans dot org

Keywords: DNSSEC

Malicious iFrame on US Treasury and other sites?

Published: 2010-05-04
Last Updated: 2010-05-04 22:53:38 UTC
by Rick Wanner (Version: 1)
3 comment(s)

We have received a number of emails from readers pointing us to news articles indicating that the US Treasury is in the process of cleaning up malicious iFrames that have infected a number of their sites. We have also received one report that this particular iFrame redirect has also been found at other sites and that perhaps this may be another registrar-related compromise.

If anyone has any further information on whether or not this is bigger than just the US Treasury, we would love to hear it. 

As usual, you can send us feedback through the comments to this diary, or via our contact page.

-- Rick Wanner - rwanner at isc dot sans dot org


SIFT review in the ISSA Toolsmith

Published: 2010-05-04
Last Updated: 2010-05-04 12:30:45 UTC
by Rick Wanner (Version: 1)
0 comment(s)

Russ McRee over at holisticinfosec.org has once again written an excellent ISSA Toolsmith article.  This article is a review/tutorial of SIFT - SANS Investigative Forensic Toolkit.  SIFT is Rob Lee's open source forensic toolkit used for the SANS SEC 508.  Daniel Wesemann announced the availability of SIFT in a previous diary.

As usual Russ provides good insight into the high points of SIFT including how to install and configure SIFT.  He then walks you through some of the features of SIFT by performing a basic investigation of a memory image.

While the article only scratches the surface, it is definitely worth the read if you are interested in forensics using open source tools.

-- Rick Wanner - rwanner at isc dot sans dot org
