Archive for October 2005

Batten Down the Hatches

The Internet Storm Center handlers are doing what we’re all doing: playing a game of prognostication. Will there be exploitation of MS05-051 this weekend? SANS and Microsoft Security Response recommend patching now. So what are you still doing here? Get thee to http://windowsupdate.microsoft.com.
Just to throw a monkey wrench into things, some people have reported issues with the MS05-051 patch to the ISC.
We can’t make decisions based solely on what happened in August, but one good sign is that at this point exploit code has not been made public. Perhaps we will survive the weekend.
I know I’ve got school things to be working on and don’t need to have any patching excitement.

More exploit code posted – MS05-044, MS05-045, MS05-048

The French Security Incident Response Team had posted exploit code for MS05-044, MS05-045, and MS05-048. Fortunately these weren’t the main 4 that I’m concerned about.
SANS did report yesterday that Immunity Sec Canvas customers have an exploit for MS05-051. That means the bad guys aren’t far behind. Or more likely the bad guys that do have it prefer to be able to hack with it instead of compelling everyone to patch by releasing a worm.

Patching Patching Patching Patching

Microsoft has posted the Security Bulletins for October. MS05-048 through MS05-052 are serious enough that it looks like this batch should be pushed out both on the desktops and the servers.
http://www.microsoft.com/technet/security/current.aspx (this link wasn’t updated at last check, but should be soon)

Webroot Phileas

I was perusing the Webroot website when I found the Phileas page. It sounds like the Microsoft Research Honeymonkeys project.

Phileas is a ground-breaking online spyware research system developed by Webroot. Using patent-pending technology that scours the entire Web, Phileas discovers spyware on the Internet faster and more efficiently than any other research method. More importantly, it does so before home computer users or corporations unwittingly become infected.

Redmond Mag

Redmond Magazine really drives me nuts. It used to be MCP Magazine. It was a magazine for Microsoft Certified Professionals. Now it’s just another PC magazine. The magazine seems to think that Microsoft users are just hoping for something better, that deep down (or even at the surface) everyone must hate Microsoft. Why do I think this? Every issue, 1/3 of the articles seem to be about alternatives to Microsoft and how much better they are.

I’m going crazy

School and work and personal life are starting to press down on me.
School has two projects due this week. One is to create an SSL denial of service utility. That requires some coding ability and understanding the order of requests in SSL. Sort of like a TCP SYN flood, we’ll try to give them a bunch of SSL client key exchanges. This will cause the server to be wasting a lot of processing on fake messages. As if this weren’t enough, we have to spend cycles setting up a VPN connection to the test network where the SSL server is located. Once we have tested our code we need to submit it via CVS over SSH, which sounds like yet another layer of fun.
Work has me running around. I’m working on an IM Security product, and I just don’t feel like the two products I’m looking at give me the security I want. What is going to happen at the end of my two months of testing when I say, neither solution really does it for me?
Work is forcing us to sign a non-solicitation agreement. It feels like the 8th floor is just looking for ways to annoy the employees. I’m not sure if I should be having a lawyer look at this or what. There are definitely things in there that I don’t agree with.
Work was supposed to register me for Shmoocon; instead they waited until after the registration deadline to tell me that work wouldn’t register using PayPal and I’d have to do it myself.
Personal life: things are just starting to pile up. I need to get the yearly state inspection done on the car. It also needs an oil change. It’s time for the fall furnace checkup. I need to set up an eye doctor appointment. And I’m going in to the dentist in two weeks.
Something has to give soon…I’m going nucking futz!

Common Malware Naming Scheme

The Register had an article yesterday on the new Common Malware Enumeration (CME) database. David Perry, global director of education at Trend Micro, said this will do little to solve confusion, “Now every piece of malware will just have 18 names and a number.”
Graham Cluley of Sophos says that “big-hitting viruses will be tied together with a common thread.” That’s great, but that already happens with big viruses.
Virus naming is from an era of antivirus competition, where each strove to discover a virus first and have the right to name it. Perhaps instead of going for an antivirus collective naming scheme, we need to return to the era of antivirus competition. Instead of writing open letters about the lack of a common virus naming scheme causing confusion, we should be writing open letters about the antivirus definition update model not adequately protecting our computers. I want something better.

(no) Support

I was just on the phone with an IM Security vendor support number. I asked how to set up the antivirus scanning. For my trouble, I got a lecture on the dangers of allowing file transfer via IM. No kidding, that’s why I want the IM Security software. If I merely wanted to disable all the features of the IM product, I wouldn’t need your software!

Have a take, don’t suck part 2

I blogged back in March about how annoying it is when people just do a cut and paste job when creating their own blog entries.
Matt Broadstock just posted something similar over at myitforum and he was freaking pilloried for having an opinion. I guess he forgot only posts cut and pasted from other locations are allowed. ;)

Yeah, but if Steve Ballmer said it.

link

Oracle’s president said on Friday his company would rather beat Salesforce.com than buy the much smaller provider of customer management software.