Changes

After coming home from VMworld, I got inspired to finally do what I have meant to do for a while — separate my eclectic blog.  I have seen the problem for a while: my URL for this blog features network administration and virtualization, but the actual blog does not.  It used to until my YouTube career or . . . → Read More: Changes

JPEGofDeath and the Bagle variant (AM) – Trend Antivirus worries

From K-Otik — not sure if a compiled copy is floating around the ‘Net:

*
* Exploit Name:
* =============
* JpegOfDeath.M.c v0.6.a All in one Bind/Reverse/Admin/FileDownload
* =============
* Tweaked Exploit By M4Z3R For GSO
* All Credits & Greetings Go To:
* ==========
* FoToZ, Nick DeBaggis, MicroSoft, Anthony Rocha, #romhack
* Peter Winter-Smith, IsolationX, YpCat, Aria Giovanni,
* Nick Fitzgerald, . . . → Read More: JPEGofDeath and the Bagle variant (AM) – Trend Antivirus worries

Exploit Release: Microsoft Windows 2K/XP Task Scheduler .job Exploit (MS04-022)

K-OTik : MS04-022 Microsoft Windows 2K/XP Task Scheduler .job Exploit (MS04-022)

//*************************************************************
// Microsoft Windows 2K/XP Task Scheduler Vulnerability (MS04-022)
// Proof-of-Concept Exploit for English WinXP SP1
// 15 Jul 2004
//
// Running this will create a file “j.job”. When explorer.exe or any
// file-open dialog box accesses the directory containing this file,
// notepad.exe will . . . → Read More: Exploit Release: Microsoft Windows 2K/XP Task Scheduler .job Exploit (MS04-022)

Exploit Release: Windows 2000 Utility Manager all in one Exploit (MS04-019)

K-OTik : Windows 2000 Utility Manager all in one Exploit (MS04-019)
** [Crpt] Utility Manager exploit v2.666 modified by kralor [Crpt] **
*******************************************************************************************
** It gets system language and sets windows names to work on any win2k **
** Feel free to add other languages **
** v2.666: added autonomous (allinone) remote exploitation . . . → Read More: Exploit Release: Windows 2000 Utility Manager all in one Exploit (MS04-019)

July Security patches – time to patch the servers

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis
MS04-21: References CAN-2004-0205 IIS 4.0 remote buffer overflow – full remote control. If you still use IIS 4.0 this is probably yet another reason to upgrade.

MS04-22: References CAN-2004-0212 REMOTE code execution in the task scheduler with the privileges . . . → Read More: July Security patches – time to patch the servers

Windows 2003 Server SP1: Templates more than just for setup anymore

Microsoft’s SP1 for Server 2003 Packs a Security Punch
The biggest addition due in SP1 is a technology called server roles that can automatically set up security procedures based on server use. With templates that define settings for servers, Windows will be able to lock down Web, mail and FTP servers and other boxes, said officials.

For . . . → Read More: Windows 2003 Server SP1: Templates more than just for setup anymore

Microsoft IIS SSL (MS04-011) Worm in the Wild? Or Maybe Not.

. . . → Read More: Microsoft IIS SSL (MS04-011) Worm in the Wild? Or Maybe Not.

Three Exploits for the latest vulnerabilities (MS04-11 and TCP Reset)

TCP Connection Reset Remote Windows 2K/XP Attack Tool Source Code
AFX TCP Reset by Aphex

http://www.iamaphex.cjb.net

unremote@knology.net

Microsoft IIS 5.0 SSL Remote buffer overflow Exploit (MS04-011)
THCIISSLame 0.2 – IIS 5 SSL remote root exploit
/* Exploit by: Johnny Cyberpunk (jcyberpunk@thc.org)
/* THC PUBLIC SOURCE MATERIALS
/* Bug was found by Internet Security Systems
/* Reversing credits of the bug go to Halvar Flake

Microsoft Windows . . . → Read More: Three Exploits for the latest vulnerabilities (MS04-11 and TCP Reset)

MyDoom.F deleting work and pr0n – Using Snort to "protect" one's pr0n

Martin McKeay’s Network Security Blog: MyDoom.F
“Oh no! The virus ate all my pr0n! And my work files too.” Here are a couple of links to the antivirus sites, and the signature I’m using in Snort. By the way, this signature came from the Snort-signatures mail list, but I already deleted the email, so I can’t . . . → Read More: MyDoom.F deleting work and pr0n – Using Snort to "protect" one's pr0n

VLANs are not for security again

I have commented before about VLANs, but it was applicable again at work on Friday. We are working with an IBM HS20 BladeCenter environment, which places all servers behind two Gigabit switches. A server could be attached to either or both switches, which in our case one was in the DMZ and one was . . . → Read More: VLANs are not for security again
