Irregular Expressions:

July, 2010

July 26, 2010  3:24 PM

CVE-2009-3555 Cisco update

Posted by: Dan O'Connor
CVE-2009-3555

This is something I covered at the start of the year. I just noticed today that Cisco has updated their advisory for the vulnerability with patch information and additional products. This was the issue that could allow a...

July 26, 2010  2:56 PM

Wikileaks releases new documents

Posted by: Dan O'Connor

The rumored documents that wikileaks had are real and they were released, the main site is overloaded at  But you can go to if you really want to see them. Not that I am going to pick a side on this, but I really don't like the idea of all...

July 26, 2010  11:44 AM

UAE and the BlackBerry security threat

Posted by: Dan O'Connor
Black Berry UAE

I can see how some countries and organizations could have a problem with the way the data on your BlackBerry is stored. It's much like cloud computing, and everyone has their own opinion on if they like the idea of their data being in another datacenter. It's another step further to have that...

July 22, 2010  12:28 PM


Posted by: Dan O'Connor
malware engineering, remnux

This is a little old, but I needed to use it the other day so I thought I would share. REMnux is a Linux distro built from Ubuntu that is for reverse-engineering malware. It's not the be all and end all of it, but if you need something for your jump pack, it's a...

July 22, 2010  11:31 AM

Opensource Event Correlation System – Part 3

Posted by: Dan O'Connor

Here is the rc file that I created for it.


# PROVIDE: sagan

. /etc/rc.subr


load_rc_config $name

: ${sagan_enable="NO"}


sagan_start() {

July 22, 2010  11:21 AM

Opensource Event Correlation System – Part 2

Posted by: Dan O'Connor
cisco mars, sagan, syslog

Ok I got it installed on FreeBSD. Download the latest version, it should be 0.1.3 right now.

Unpack where you want it,
tar -xvf sagan-0.1.3.tar.gz
Next do the old configure make, but you need to add some...

July 19, 2010  2:57 PM

Opensource Event Correlation System

Posted by: Dan O'Connor
sagan event correlation

This application was mentioned on the blog, I finally had some time to read it and it looks really nice. It's the same idea as a Cisco Mars or RSA Envision system, it uses snort styled rules to parse syslog information and generate alerts and...

July 19, 2010  8:48 AM

Windows lnk file vulnerability

Posted by: Dan O'Connor
windows lnk

You will want to follow this thread. Really great idea, the lnk just points to the malware and all you have to do is a file scan of the directory with the file and you're done. This also works on remote shares. Here is the same link from the sans...

July 18, 2010  12:33 AM

Excellent work up of a facebook vulnerability

Posted by: Dan O'Connor
facebook, facebook sql, inj3ct0r, inj3ct0r facebook

The inj3ct0r team did a real good job with this write up. In the next few days I will pull a few quotes out of it and try to expand a little more on what's going on. Enjoy!

July 9, 2010  11:46 AM

VMWare VM Redundancy

Posted by: Dan O'Connor
SAN redundancy ESXi, VM redundancy ESXi, vmware

Have you ever had a VM that you needed to keep running if your SAN was not? This problem came across my desk at one point and it took a bit of thinking but I think I got a pretty good solution figured out. The ESXi host will be booting off a local disk, it will also have a local datastore. ...
