Ani format exploit — reading in plain text may still be vulnerable

March 30, 2007 by alexeck

A surprising post at SANS this morning:

A short overview of how the different email clients (in the supported list of Microsoft) are reacting to the animated cursor vulnerability (CVE-2007-1765) depending on the actions and settings of the email client.

The surprising element is that reading in plain text mode makes some of the clients more vulnerable, and actually only offers real added value (for this vulnerability) for Outlook 2003.

More here (via Donna).

This is not a vulnerability to be taken lightly…

Alex Eckelberry

Preview of CounterSpy Enterprise 2.0

March 30, 2007 by alexeck

[image: CounterSpy Enterprise 2.0]

Greg Kras and I will be giving a preview of our new CounterSpy Enterprise 2.0 next Tuesday (this is the version of CounterSpy designed for business use).

If you want to take a look, please join us:

A First Look at CounterSpy Enterprise 2.0
When: Tuesday, April 3, 2007 2:00 PM (EDT)
To join the day of the event please visit:

Meeting ID: 92SSQC
Attendee Meeting Key: XR*mw9Z
Audio: Toll free: +1 (800) 416-4956
Toll: +1 (978) 964-0050
Participant code: 104764
Alex Eckelberry

Beware fake IE 7 downloads

March 29, 2007 by alexeck

There is spam out there that tries to get you to download IE 7. It’s fake, of course. When you click on the image, you are offered a trojan to download instead (Sunbelt Sandbox analysis here, VirusTotal results here). Antivirus coverage is mediocre.

[image: the fake IE 7 spam]

And just for fun, check out the source code of this spam.

Alex Eckelberry

Battle stations: New “ani” zero day being hunted

March 29, 2007 by alexeck

The folks over at McAfee have written today about a new zero day, and it doesn’t look pretty. Our team is on high alert for this exploit and we are actively hunting for any sites which are using it.

From McAfee:

Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.

The ani format is an animated cursor format. We’ll post more information as we get it.

Alex Eckelberry

Update: Microsoft security advisory here.

Brilliant!

March 29, 2007 by alexeck

I’m going to give you a sneak peek of a very cool skunkworks project going on over at Mayhemic Labs.

One thing that a lot of people have commented on (and particularly the good folks over at F-Secure) is that phishers register domains using words like “Chase”, “ebay”, etc. This makes it easier to fool their victims (for example with a URL like “chase-banking-center.com”).

Of course, a great idea is to have the domain registrars simply refuse to register domains with these names (or at least trigger a review of a suspicious domain before allowing it to be registered). However, that’s not always easy to get done.

But what if new suspicious domain registrations were automatically tracked in a format that allows everyone to see what’s going on?

That’s just what Ben Jackson did over at Mayhemic Labs: he developed a “Domain Tracker System” to track domain registrations using DomainTools’ Domain Mark reports.

Called the Crow’s Nest, it aggregates submissions of Domain Mark reports containing keywords that would likely be used in a phishing domain. The system processes these reports and adds them to a database. The submitter (or other volunteers) can then flag domains that look suspicious. These domains are then monitored for activity: every 6 hours, registration and DNS records are checked to see whether the domain is hosted and/or still registered. If the site is hosted, the user can then check the site and see if something phishy is going on, and if so, notify the parties affected.
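To make the workflow concrete, here is an added Python model of the two stages described above (keyword triage of new registrations, then a periodic registered/hosted check). It is example code written for this page, not the Crow’s Nest code; the keyword list, the benign-word list, the allowlist, the sample registrations and the fake WHOIS/DNS lookup are all constructed, and the function names are this example’s own.

```python
"""Keyword triage of new domain registrations plus a periodic hosting check.

Added example modelling the workflow the post describes; not the Crow's Nest
code. All keyword, allowlist and sample values below are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Brand words a phisher is likely to embed in a domain (constructed; the post
# itself names "Chase" and "ebay").
BRAND_KEYWORDS = ("chase", "ebay", "paypal", "banking")
# Ordinary words that contain a keyword as a substring and would otherwise be
# false positives (constructed).
BENIGN_WORDS = {"purchase", "purchases"}
# Registrable domains that legitimately carry the brand name (constructed).
LEGIT_DOMAINS = {"chase.com", "ebay.com", "paypal.com"}


def registrable_domain(domain: str) -> str:
    """Last two labels: 'secure.ebay-login.net' -> 'ebay-login.net'.
    A production system would use the public suffix list so that names under
    'co.uk' and similar are handled; two labels is enough for this example."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def flag_domain(domain: str) -> List[str]:
    """Return the brand keywords found in a domain, or [] if it looks clean."""
    if registrable_domain(domain) in LEGIT_DOMAINS:
        return []
    labels = domain.lower().rstrip(".").split(".")
    # Split every label except the TLD on hyphens, so 'chase-banking-center'
    # yields the tokens 'chase', 'banking', 'center'.
    tokens = [t for label in labels[:-1] for t in label.split("-") if t]
    hits = []
    for keyword in BRAND_KEYWORDS:
        if any(keyword in t and t not in BENIGN_WORDS for t in tokens):
            hits.append(keyword)
    return hits


@dataclass
class TrackedDomain:
    name: str
    keywords: List[str]
    status: str = "unknown"
    history: List[str] = field(default_factory=list)


def triage(new_registrations: List[str]) -> List[TrackedDomain]:
    """Turn a batch of fresh registrations into tracked entries (flagged ones only)."""
    tracked = []
    for name in new_registrations:
        hits = flag_domain(name)
        if hits:
            tracked.append(TrackedDomain(registrable_domain(name), hits))
    return tracked


# name -> (still registered?, resolves to a host?); stands in for WHOIS + DNS.
Lookup = Callable[[str], Tuple[bool, bool]]


def check_cycle(tracked: List[TrackedDomain], lookup: Lookup) -> List[str]:
    """One six-hourly pass: refresh each entry's status and return the domains
    that are now hosted and therefore worth a human look."""
    hosted_now = []
    for entry in tracked:
        registered, hosted = lookup(entry.name)
        if not registered:
            entry.status = "dropped"
        elif hosted:
            entry.status = "hosted"
            hosted_now.append(entry.name)
        else:
            entry.status = "registered-not-hosted"
        entry.history.append(entry.status)
    return hosted_now


# Constructed sample data: a batch of registrations and a fake WHOIS/DNS view.
SAMPLE_REGISTRATIONS = [
    "chase-banking-center.com",
    "secure.ebay-login.net",
    "purchase-orders.com",   # contains 'chase' but is benign
    "www.chase.com",         # the real thing, allowlisted
    "example.org",
]
SAMPLE_LOOKUP: Dict[str, Tuple[bool, bool]] = {
    "chase-banking-center.com": (True, True),
    "ebay-login.net": (True, False),
}


def demo() -> List[str]:
    """Run triage and one check cycle over the constructed data."""
    tracked = triage(SAMPLE_REGISTRATIONS)
    return check_cycle(tracked, lambda n: SAMPLE_LOOKUP.get(n, (False, False)))


if __name__ == "__main__":
    for entry in triage(SAMPLE_REGISTRATIONS):
        print(entry.name, entry.keywords)
    print("hosted now:", demo())
```

The benign-word and allowlist checks are where a tracker like this earns its keep: a bare substring match on “chase” fires on purchase-orders.com and on chase.com itself, and both would bury the volunteers who review the flagged list.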

[image: Crow’s Nest]

[image: Crow’s Nest, second view]

For now, this site is only being used by security researchers. There are also lots of people who helped him with this, and when it goes public, I’m sure he’ll thank those who don’t mind being publicly acknowledged.

Expect this site to be public in a few weeks. And then those phishers will feel a whole lot of hurt.

Alex Eckelberry 

Battle stations: New .ani zero day being hunted

March 29, 2007 by alexeck

The folks over at McAfee have written today about a new zero day, and it doesn’t look pretty. Our team is on high alert for this exploit and we are actively hunting for any sites which are using it.

From McAfee:

Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.

The ani file format is an older format, sort of a poor-man’s AVI or animated GIF. We have a sample of this exploit code and it’s not pretty.
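For readers who have never looked inside one of these files: an .ani is a RIFF container with the form type ACON, a 36-byte anih header chunk, and LIST chunks holding the cursor frames. The Python below is an added example (not code from the post, from Sunbelt or from Microsoft) of how a defender-side reader walks that structure without trusting any declared chunk size beyond the bytes it actually has; the sanity rules in audit_ani, the sample files it builds and every function name are this example’s own, and are not a description of the exploit the post refers to.

```python
"""Bounds-checked walk over an ANI (RIFF/ACON) animated-cursor file.

Added example: shows what a conservative reader of this format checks before
acting on any chunk. ANIH_SIZE is the documented size of the anih header;
the audit rules and sample files are constructed for this example.
"""
import struct
from typing import Iterator, List, Tuple

ANIH_SIZE = 36  # sizeof(ANIHEADER): nine little-endian DWORDs


def build_chunk(fourcc: bytes, payload: bytes) -> bytes:
    """Encode one RIFF chunk: 4-byte id, 32-bit LE size, data, pad to even length."""
    data = struct.pack("<4sI", fourcc, len(payload)) + payload
    return data + (b"\x00" if len(payload) % 2 else b"")


def build_ani(anih_payload: bytes) -> bytes:
    """Constructed ANI: RIFF/ACON with one anih chunk and a LIST 'fram' holding one icon chunk."""
    frames = build_chunk(b"LIST", b"fram" + build_chunk(b"icon", b"\x00" * 16))
    body = b"ACON" + build_chunk(b"anih", anih_payload) + frames
    return struct.pack("<4sI", b"RIFF", len(body)) + body


def iter_chunks(buf: bytes, offset: int, end: int) -> Iterator[Tuple[bytes, int, int]]:
    """Yield (fourcc, data_start, size) for each leaf chunk between offset and end.
    A declared size is never followed past `end`; LIST chunks are descended with
    the same rule applied to their own extent."""
    while offset + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", buf, offset)
        start = offset + 8
        if size > end - start:
            raise ValueError(f"chunk {fourcc!r} at {offset} declares {size} bytes, only {end - start} remain")
        if fourcc == b"LIST" and size >= 4:
            yield from iter_chunks(buf, start + 4, start + size)  # skip the 4-byte list type
        else:
            yield fourcc, start, size
        offset = start + size + (size & 1)  # chunks are word-aligned


def audit_ani(buf: bytes) -> List[str]:
    """Return a list of findings; an empty list means the container is well formed."""
    findings: List[str] = []
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"ACON":
        return ["not a RIFF/ACON container"]
    riff_size = struct.unpack_from("<I", buf, 4)[0]  # counts from 'ACON' onward
    if 8 + riff_size > len(buf):
        findings.append("RIFF size exceeds file length")
    end = min(8 + riff_size, len(buf))
    try:
        for fourcc, start, size in iter_chunks(buf, 12, end):
            if fourcc != b"anih":
                continue
            if size != ANIH_SIZE:
                findings.append(f"anih chunk declares {size} bytes, expected {ANIH_SIZE}")
                continue
            cb_size = struct.unpack_from("<I", buf, start)[0]  # first header field is its own size
            if cb_size != ANIH_SIZE:
                findings.append(f"anih cbSizeof field is {cb_size}, expected {ANIH_SIZE}")
    except ValueError as exc:
        findings.append(str(exc))
    return findings


# Constructed samples: a well-formed header and two malformed variants.
GOOD_ANIH = struct.pack("<9I", ANIH_SIZE, 1, 1, 32, 32, 32, 1, 10, 1)
GOOD_ANI = build_ani(GOOD_ANIH)
OVERSIZED_ANI = build_ani(b"\x00" * 64)
BAD_CB_ANI = build_ani(struct.pack("<9I", 40, 1, 1, 32, 32, 32, 1, 10, 1))

if __name__ == "__main__":
    for label, sample in (("good", GOOD_ANI), ("oversized", OVERSIZED_ANI), ("bad cb", BAD_CB_ANI)):
        print(label, audit_ani(sample) or "ok")
```

The point of the walker is the single comparison `size > end - start`: every chunk, nested or not, is measured against the space that remains in its parent before a byte of it is read, and a truncated file produces a finding rather than an out-of-range read.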

We’ll post more information as we get it.

Alex Eckelberry

Best. Spam. Ever.

March 27, 2007 by alexeck

[image: the spam]


Alex Eckelberry

Fun with HDR

March 27, 2007 by alexeck

Over the holidays, I bought myself a Canon Rebel XTi as a Christmas present. It’s my first digital SLR (I have an analog 35 mm SLR and plenty of digital point and shoots, but never made the leap to digital SLR) and I’ve been learning slowly but surely, with a bit of help from Robert LaFollette, Sunbelt’s creative director (and an uber-guru on photography).

One area I’ve been playing with is HDR (High Dynamic Range), using PhotoMatix. I love the effect but there are tricks to learn to do it well. Of course Robert’s done plenty of HDR and he sent me this incredible HDR photo he took in Miami a few weeks ago.

[image: Robert LaFollette’s HDR photo of Miami]

You can see more of Robert’s pics here. And if you want to see lots of HDR flicks, there’s also a HDR section on Flickr.

Alex Eckelberry

Castro’s new side gig

March 27, 2007 by alexeck

From a group normally associated with running Haxdoor monstrosities, we see this opportunity to be a mule:

Your task as a Smart Transfer manager will consist in transferring payments from one of our clients to another.

Due to the fact that our company works in securities market, we constantly buy and sell payments, so you will work with this money. Also there will be tasks to receive charity money from our donators worldwide and resend them to our HQ for future resending.

Your profit depends on how fast money circulates in the world transaction system. You have nothing to lose while doing this one-click job. Just check your email for a message from us with information about wire transfer to your checking account and instructions what to do with it. The faster you send the money further, the higher numbers of transfers to process you get. No office work, no need in special financial skills, flexible timetable. You choose work time yourself. 1-2 hours of occupation a day. For each transaction you will get 140$.

For the first month you should receive about 15 transactions, later, depending on your speed and accuracy you can get more. You will get paid on the 10th day from your first transfer, and after that monthly. We guarantee that you receive at least 15 transfers a month, which makes minimal payment of 2100$.

[image: domain registration record]

Registered to Fidel Castro in Havana. Cuba libre!

Alex Eckelberry
(Thanks Patrick)

What’s wrong with this picture?

March 27, 2007 by alexeck

[image]

Alex Eckelberry
(Thanks Eaglewolf and the PIRT team)