InfoSec News

In response to the heavy press coverage of the DLL hijacking vulnerabilities, Microsoft released a number of publications and even a tool of their own.
Judging from the comments on the article by Bojan, the difficulty in reading the instructions, and the lack of a clear recommended value that stops the ongoing attacks without breaking commonly used software packages, it's clear there is still some work ahead of us.
Not only do we need to understand it in detail and understand what we can block, but we need to test it all as well.
So, in a spirit of sharing how to make it work:

What are you using as mitigation against the DLL hijacking vulnerabilities?
What did your tests of commonly used software packages (such as Microsoft Office) yield with the different values the tool supports?

--

Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Mark wrote in with an observation that abandoned free email accounts (such as those of Hotmail, Yahoo and the like) are being abused by spammers to send messages at a very slow rate to the contacts in those accounts.
As Mark noted himself, there's an obvious privacy issue if your contacts leak, and some of the former users have not only abandoned the service, but actually assumed the service would have been terminated due to no activity on the account anymore.
If you have observed the same thing, we're interested in hearing from you.
But it might be a good idea to verify the status of the former mailboxes you have around the globe and make sure there's nothing left in them of value to you or your attackers before you do abandon them. Better yet, those really old ones, should we not delete them properly?
UPDATE:
A reader pointed out it might not always be easy for users to delete unwanted accounts, judging from the support fora at e.g. Hotmail, and hence it would be quite understandable that they just abandon the accounts instead of cleaning them up properly.
--

Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
An Indian security researcher who was arrested on Aug. 21 for the alleged theft of an electronic voting machine (EVM) was released on bail on Saturday by a magistrate in Mumbai.
 

3 areas where FUD needs to stop
IDG News Service
There is a new breed of animal appearing in the infosec community, according to Dr. Jimmy Blake, chief security officer for Mimecast, a cloud-services ...

 

Internet Storm Center Infocon Status