Archives - January 2010

Uncategorized Millennium Falcon: Crash & Burn Revisited

Millennium Falcon: Crash & Burn Revisited

I originally posted this on the AVIEN blog site at http://avien.net/blog/?p=286, but in view of the increasing volume of "Y2.10k" date-related bug reports, I'll re-post it here with an updated list. (Thanks to Mikko Hypponen for posting a couple of links I hadn't seen.) Windows Mobile/SMS bug (Welcome to 2016!) http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/ http://www.wmexperts.com/y2016-sms-bug Bank Bugs: http://www.theregister.co.uk/2010/01/04/bank_queensland/ http://www.msnbc.msn.com/id/34706092/ns/technology_and_science-security/?ocid=twitter]

Uncategorized Dark Reading and Crystal Balls

Dark Reading and Crystal Balls

Apparently it's not just me that's sceptical about the value of security crystal ball-gazing. Tim Wilson of Dark Reading takes us (the security industry) to task for being "subjective" and inconsistent in our predictions for the coming year. Strangely, although he does quote an ESET blog (an observation of Randy's) in his selection of predictions he

Uncategorized Ten Ways to Dodge Cyber‑Bullets (Part 3)

Ten Ways to Dodge Cyber‑Bullets (Part 3)

[Part 3 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Do You Need Administrative Privileges? Included for completists, though I don’t think I’ve added anything here to the original blog. I think it’s

Uncategorized Adobe, Javascript, and the CVE‑2009‑4324 Exploit

Adobe, Javascript, and the CVE‑2009‑4324 Exploit

There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today’s article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the

Uncategorized Heuristic Detection Techniques

Heuristic Detection Techniques

I recently received a few questions about heuristics and thought the answers may be of broader interest than just to the person asking. 1- What is the difference between the detection by generic signatures and passive heuristic? Aren't they the same? 2- In this thread: http://www.wilderssecurity.com/showthread.php?t=261904 I can't understand Marcos's replay: 'it's heuristic detection coupled

Uncategorized Advance Fee Fraud: Another Aspect

Advance Fee Fraud: Another Aspect

When we think Advance Fee Fraud (AFF) we usually think in terms of the 419-type scams often associated with Nigeria, though similar frauds actually come from all over. You know the sort of thing: the banker, or the wife or son or daughter of a defunct dictator or benevolently inclined millionaire plane-crash victim wants to share their

Uncategorized Ten Ways to Dodge Cyber‑Bullets (Part 2)

Ten Ways to Dodge Cyber‑Bullets (Part 2)

[Part 2 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Catch the Patch Batch Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product