IPv6 Focus Month at the Internet Storm Center
As Johannes posted about at the end of January, we're going to focus on IPv6 during the month of March. It probably won't be quite like our Cybersecurity Awareness Month posts in Oct, but we do want to look at the security issues and implications of IPv6. We are still open to suggestions for topics or guest diaries, so feel free to send them to us in e-mail or reach out via the contact page. To kick things off, I figured it would be worthwhile to point you to the diaries that we have done in the past with respect to IPv6, Johannes, Guy, and I have each written on the subject more than once. We also have some IPv6 videos, the 6to4 conversion tool, and the IPv6 tcpdump cheatsheet (though the first page doesn't seem to display all that well in the new HTML5 PDF viewer in Firefox 19, at least, not for me).
References:
https://isc.sans.edu/diary/IPv6+Focus+Month/15049
https://isc.sans.edu/tag.html?tag=ipv6
https://isc.sans.edu/ipv6videos/
https://isc.sans.edu/tools/ipv6.html
https://isc.sans.edu/presentations/ipv6.pdf
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
And the Java 0-days just keep on coming
The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at Fireeye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java 6u41 and 7u15. From the writeup the it seems the exploit is currently not always successful, but when it is drops a remote access trojan on the systme and connects back to an HTTP command and control server. I haven't had a chance to actually look at the malware yet, so go read the Fireeye writeup for the indicators of compromise to look for in your network. Simultaneously, Adam Gowdiak has also informed Oracle of 2 different exploitable vulnerabilities (though at least one of his only affects 7u15, not 6u41), though those exploits are apparently not be used in the wild at the moment. In the meantime, all our previous advice still applies. If you don't need Java, don't install it/remove it. If you do need it, only enable it when you need it and/or run it inside another sandbox (SandboxIE, a sacrificial VM).
References:
http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html
http://www.zdnet.com/oracle-investigating-after-two-more-java-7-zero-day-flaws-found-7000011965/
https://isc.sans.edu/diary/When+Disabling+IE6+%28or+Java%2C+or+whatever%29+is+not+an+Option.../14947
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
Comments