Irregular Expressions:

July 2010


July 26, 2010  3:24 PM

CVE-2009-3555 Cisco update



Posted by: Dan O'Connor
CVE-2009-3555

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml This is something I covered at the start of the year. I just noticed today that Cisco has updated their advisory for the vulnerability with patch information and additional products. This was the issue that could allow a...

July 26, 2010  2:56 PM

Wikileaks releases new documents



Posted by: Dan O'Connor
wikileaks

The rumored documents that wikileaks had are real and they were released; the main site is overloaded at http://wikileaks.org. But you can go to http://wardiary.wikileaks.org if you really want to see them. Not that I am going to pick a side on this, but I really don't like the idea of all...


July 26, 2010  11:44 AM

UAE and the BlackBerry security threat



Posted by: Dan O'Connor
Black Berry UAE

I can see how some countries and organizations could have a problem with the way the data on your BlackBerry is stored. It's much like cloud computing, and everyone has their own opinion on whether they like the idea of their data being in another datacenter. It's another step further to have that...


July 22, 2010  12:28 PM

REMnux



Posted by: Dan O'Connor
malware engineering, remnux

This is a little old, but I needed to use it the other day so I thought I would share. http://zeltser.com/remnux/ REMnux is a Linux distro built from Ubuntu that is for reverse-engineering malware. It's not the be-all and end-all of it, but if you need something for your jump pack, it's a...


July 22, 2010  11:31 AM

Opensource Event Correlation System – Part 3



Posted by: Dan O'Connor
sagan

Here is the rc file that I created for it.

#!/bin/sh

# PROVIDE: sagan
#

. /etc/rc.subr

name="sagan"
rcvar=${name}_enable

load_rc_config $name

: ${sagan_enable="NO"}

start_cmd=${name}_start
stop_cmd=${name}_stop
sagancmd="/usr/local/bin/sagan"

sagan_start() {
       ...


July 22, 2010  11:21 AM

Opensource Event Correlation System – Part 2



Posted by: Dan O'Connor
cisco mars, sagan, syslog

Ok, I got it installed on FreeBSD. Download the latest version; it should be 0.1.3 right now.

fetch http://sagan.softwink.com/download/sagan-0.1.3.tar.gz
Unpack it where you want it,
tar -xvf sagan-0.1.3.tar.gz
Next, do the old configure and make, but you need to add some...


July 19, 2010  2:57 PM

Opensource Event Correlation System



Posted by: Dan O'Connor
sagan event correlation

This application was mentioned on the isc.sans.edu blog. I finally had some time to read it and it looks really nice. http://sagan.softwink.com/ It's the same idea as a Cisco MARS or RSA enVision system: it uses Snort-style rules to parse syslog information and generate alerts and...


July 19, 2010  8:48 AM

Windows LNK file vulnerability



Posted by: Dan O'Connor
windows lnk

You will want to follow this thread. http://isc.sans.edu/diary.html?storyid=9181 Really great idea: the LNK just points to the malware, and all you have to do is a file scan of the directory with the file and you're done. This also works on remote shares. Here is the same link from the sans...


July 18, 2010  12:33 AM

Excellent work-up of a Facebook vulnerability



Posted by: Dan O'Connor
facebook, facebook sql, inj3ct0r, inj3ct0r facebook

The inj3ct0r team did a really good job with this write-up, http://inj3ct0r.com/exploits/11638 In the next few days I will pull a few quotes out of it and try to expand a little more on what's going on. Enjoy!


July 9, 2010  11:46 AM

VMware VM Redundancy



Posted by: Dan O'Connor
SAN redundancy ESXi, VM redundancy ESXi, vmware

Have you ever had a VM that you needed to keep running if your SAN was not? This problem came across my desk at one point, and it took a bit of thinking, but I think I got a pretty good solution figured out. The ESXi host will be booting off a local disk; it will also have a local datastore. ...
