Late edition (Kyle Haugsness on duty):
Team Effort TodayToday's shift was really a team effort. Thanks to Swa, Lorna, Deb, and Scott for covering different hours of the day. -Kyle Be on the Lookout for PHP compromisesThis is a call to all the network and system security folks out there... Please be on the lookout for web-based intrusions happening in your environments. There have recently been major vulnerabilities discovered in phpBB and the XML_RPC libraries, which we have reported in the last two days. It's very likely that these vulnerabilities will be utilized to compromise systems. Try to be vigilant about securing your environment and reviewing your IDS alerts for attacks. Will New Anti-Spam Protocols Work?Not to be negative or anything... But it appears that the SPF (Sender Policy Framework) and Sender-ID anti-spam approaches have been approved as "experimental drafts" by IETF. So there is a new poll on the right with my question. How long before the spammers defeat these methods? Here are the relevant links: SPF: http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt SPF status: https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12662&rfc_flag=0 Sender-ID: http://www.ietf.org/internet-drafts/draft-lyon-senderid-core-01.txt Sender-ID status: https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12542&rfc_flag=0 Internet Survival Time by SophosAnti-virus company Sophos published their own statistic regarding "internet survival time". Their number was 12 minutes. The survival time currently reported by dshield.org is 31 minutes. Their story also has some interesting statistics on the number of viruses in the first half of 2005 compared to last year. But don't let it spoil your weekend. If you are in the security field professionally, just think of it as job security. http://www.sophos.com/pressoffice/pressrel/uk/midyearroundup2005.html Early edition See also the phpBB: anti santi worm resurrection?With the release of the latest phpBB patch, we are seeing a reappearance of what looks like anti santi worm scanning for vulnerable hosts. If you have been broken into using this method in the recent days we'd love to have a look at the dropped files to see it this is still the anti santy worm or something using the same scanning engine. (Swa Frantzen on early duty) |
Handlers 76 Posts Jul 1st 2005 |
Thread locked Subscribe |
Jul 1st 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!