SecureWorks Research Blog
http://www.secureworks.com/research/blog
Information security analysis and commentary from the research team at SecureWorks.

Speaking at DEFCON 16
http://www.secureworks.com/research/blog/index.php/2008/08/04/speaking-at-defcon-16
I'll be delivering two talks at DEFCON 16 in Las Vegas this Friday, August 8th. My first talk, The Wide World of WAFs, covers web application firewalls and some PCI DSS background. In a talk that afternoon, Snort Plug-in Development: Teaching an Old Pig New Tricks, I'll be releasing GPL-licensed Snort plug-ins for ActiveX control detection and for detecting OpenSSH clients and servers using a broken Debian OpenSSL PRNG.
http://www.secureworks.com/research/blog/?p=102

SAMI Is My Hero: MS08-033 Disassembled
http://www.secureworks.com/research/blog/index.php/2008/07/29/sami-is-my-hero-ms08-033-disassembled
My name is Bow Sineath and I have recently joined the SecureWorks Counter Threat Unit™ (CTU) as a security researcher. During my previous employment, I managed an IDS/IPS signature set and was responsible for acting on vulnerability intelligence that was, more often than not, very limited in public details. My experience in reverse engineering, source code analysis and countermeasure development is assisting SecureWorks in developing countermeasures that accurately protect our clients.
http://www.secureworks.com/research/blog/?p=101

Cleaning Up E-Gold? Not Likely.
http://www.secureworks.com/research/blog/index.php/2008/07/25/cleaning-up-e-gold-not-likely
"On Monday, the Nevis, West Indies, company, its founder and two senior directors all agreed to plead guilty to various charges related to money laundering and the operation of an unlicensed money transfer business. The agreement ends a nearly four-year investigation into the company and its digital currency service, which -- because of the anonymity it provided account holders -- became a popular method for cybercriminals to turn ill-gotten proceeds into clean cash."
http://www.secureworks.com/research/blog/?p=100

Police & Thieves
http://www.secureworks.com/research/blog/index.php/2008/07/11/police-thieves
The Unnamed Police Department (we'll just call them the UPD for short) is charged with keeping the peace in a major American metropolitan area. For a public safety website, theirs is quite advanced. Visitors can view dynamically generated maps showing the distribution of different classes of crimes, make anonymous tips to the narcotics squad, and even try to sign up to join the force. As those of us who work in information security well know, all that rich web functionality brings increased risk.
http://www.secureworks.com/research/blog/?p=98

Dan Kaminsky Strikes Again With DNS Vulnerability
http://www.secureworks.com/research/blog/index.php/2008/07/10/dan-kaminsky-strikes-again-with-dns-vulnerability
This past Tuesday, July 8th, was a big day in information security. Accomplished security researcher Dan Kaminsky of IOActive announced a major new vulnerability in the DNS infrastructure underpinning the Internet. What is the vulnerability, you ask? We may all have to wait for Dan to tell us at the Black Hat Briefings security conference, kicking off on Wednesday, August 6th.
http://www.secureworks.com/research/blog/?p=97

It Can Happen to Anyone
http://www.secureworks.com/research/blog/index.php/2008/07/10/it-can-happen-to-anyone
Writing good antivirus software is hard. Just ask the developer at a major antivirus company who was infected with the Coreflood trojan on his personal computer for over a year. Perhaps he was just testing their product, but it seems odd to have allowed the trojan to capture some of his personal information.
http://www.secureworks.com/research/blog/?p=96

False Positives in the Legal System
http://www.secureworks.com/research/blog/index.php/2008/07/02/false-positives-in-the-legal-system
Recently Lori Drew was charged with violating the Computer Fraud and Abuse Act for signing up for a MySpace account under a fake name. While the larger circumstances were quite shocking (and have been covered enough that I don't think I need to go into them), she was charged for nothing more than pretending to be someone else on the Internet.
http://www.secureworks.com/research/blog/?p=95

Down the JavaScript Rabbit Hole
http://www.secureworks.com/research/blog/index.php/2008/07/01/down-the-javascript-rabbit-hole
In the last few weeks, the SecureWorks Counter Threat Unit™ noticed a significant uptick in the volume of mass SQL injection attacks. What follows is a small part of an in-depth analysis we undertook to better understand these attacks.
http://www.secureworks.com/research/blog/?p=94

New Round of Mass SQL Injections
http://www.secureworks.com/research/blog/index.php/2008/06/04/new-round-of-mass-sql-injections
There's a new round of the mass SQL injection attacks that have been going on for the past few months. This time it looks like the bad guys are using a slightly different variant of the SQL injection attack and of the backend malware dropper pages. In previous iterations the SQL attack looked like this:
http://www.secureworks.com/research/blog/?p=92

Summercon in Atlanta this weekend
http://www.secureworks.com/research/blog/index.php/2008/05/28/summercon-in-atlanta-this-weekend
Ben Feinstein will be delivering a talk on PCI 6.6 and web application firewalls (WAFs) at Summercon this coming Saturday, May 31st. If you are going to be in the Atlanta area this weekend, you really ought to come out and join the fun!
http://www.secureworks.com/research/blog/?p=91