Thursday, October 22, 2009
Importing Known Malware IP's to Arcsight ESM
Wanted to share this proof of concept script I wrote to test out Arcsight's Common Event Format (CEF).
Essentially it grabs the latest list of known malware/bot IP's from SRI's Malware Threat Center and excellent resource for tracking malicious domains and spits them out to Arcsight via CEF Syslog.
Downloads:
malwarefeed.py
Labels:
Arcsight,
Botnet,
CEF,
Common Event Format,
Malware
Denial of Service vulnerability in Snort 2.8.1 - 2.8.5 beta
Advisory:
=========
Snort unified 1 IDS Logging Alert Evasion, Logfile Corruption/Alert Falsify
Log:
====
30/06/2009 Bug detected.
20/07/2009 First mail with snort team.
20/07/2009 Snort team answer they will fix it in the next release (2.8.5).
16/09/2009 Snort release, bug fixed.
Affected Versions:
==================
snort-2.8.1
snort-2.8.2
snort-2.8.3
snort-2.8.4
snort-2.8.5.beta*
link: http://pablo-secdev.blogspot.com/2009/09/snort-28-285stable-unified1-output-bug.html
poc: http://milw0rm.com/sploits/2009-snort-unified1_bug.tar.gz
=========
Snort unified 1 IDS Logging Alert Evasion, Logfile Corruption/Alert Falsify
Log:
====
30/06/2009 Bug detected.
20/07/2009 First mail with snort team.
20/07/2009 Snort team answer they will fix it in the next release (2.8.5).
16/09/2009 Snort release, bug fixed.
Affected Versions:
==================
snort-2.8.1
snort-2.8.2
snort-2.8.3
snort-2.8.4
snort-2.8.5.beta*
link: http://pablo-secdev.blogspot.com/2009/09/snort-28-285stable-unified1-output-bug.html
poc: http://milw0rm.com/sploits/2009-snort-unified1_bug.tar.gz
Monday, October 19, 2009
Securing LAMP video
Stumbled accross this screencast I made for my buddies at Firehost a couple of months back. Was my first screencast and didn't go so terrible :)
Goes over some of the basics for setting up a secure Ubuntu+Apache+PHP server...
Goes over some of the basics for setting up a secure Ubuntu+Apache+PHP server...
Tuesday, October 6, 2009
American Airlines now has in flight Wifi
American now has Wifi access on select planes, including 747 and MD-80's. Fees are $9.95 US for an all day pass and are currently running a free promotion for first time users.
The free promo requires registering an account using only an email address and code which they provide, no credit card is required. This means you can probably sign up using multiple email accounts and username for as long as the promo lasts.
When you sign up it assures you that the system is very secure and tested thoroughly by the FAA, the captive portal authentication is SSL based but after authenticating you are still vulnerable to any standard wireless man in the middle attack as there is no WEP, WPA or VPN protection.
Setting my radio to monitor mode quickly showed everyone's traffic on the flight, so security is non-existent at best.
Speeds were very good, similar to DSL connection but lots of intermittent latency made video streaming from Hulu unwatchable.
Here is a screen grab of an in-flight speed test.
The free promo requires registering an account using only an email address and code which they provide, no credit card is required. This means you can probably sign up using multiple email accounts and username for as long as the promo lasts.
When you sign up it assures you that the system is very secure and tested thoroughly by the FAA, the captive portal authentication is SSL based but after authenticating you are still vulnerable to any standard wireless man in the middle attack as there is no WEP, WPA or VPN protection.
Setting my radio to monitor mode quickly showed everyone's traffic on the flight, so security is non-existent at best.
Speeds were very good, similar to DSL connection but lots of intermittent latency made video streaming from Hulu unwatchable.
Here is a screen grab of an in-flight speed test.
Labels:
American Airlines,
sniffing,
Travel,
WIFI,
Wireless Security
Subscribe to:
Posts (Atom)