Archive for the ‘Random-izations’ Category

Jul
22/09
Adobe PDF Exploit in the Wild > Aggregated Data
Last Updated on Wednesday, 22 July 2009 03:27
Written by jj
Wednesday, July 22nd, 2009

There’s a new PDF exploit active and in the wild just identified by Symantec’s Security Response team.  I don’t have any additional magic insight or recommendations for this, but I wanted to help spread the word and provide some links to additional resources.

Quick Vulnerability Overview

  • Process: a malicious PDF is downloaded and drops a malware payload locally on the computer.
  • Vulnerability: the flaw is in Flash (which is embedded in browsers, PDF and other applications) and is exploited here through a malicious PDF file.
  • Protection: update your antivirus software and verify that it protects against this exploit.
  • Detection: malicious PDFs are detected as Trojan.Pidief.G and the dropped files as Trojan Horse.
  • Operating systems: the current version of the exploit targets Windows XP and Vista (if UAC is not enabled).
  • Any software that uses Flash is potentially vulnerable to this issue.

Symantec’s Recommendation Overview
We (Symantec) are in contact with the Adobe PSIRT team in relation to this issue. We urge our customers to ensure their antivirus definitions are up to date. Like the vulnerability Dowd discovered, it’s likely that we will see many attacks over the coming months that will attempt to exploit this vulnerability. As always, keep an eye out for the official patch from Adobe and ensure all products are up to date. As an extra safety measure, Vista users should avail of the UAC (User Account Control) feature as this will help mitigate a successful compromise.

Original Vulnerability info from Symantec
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability

More on why Flash exploits are important
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/

Apr
17/09
Recent Email from Department of National Intelligence
Last Updated on Saturday, 28 January 2012 06:31
Written by jj
Friday, April 17th, 2009

What a way to start off RSA. I’m not even there yet!

Well I *just* got off the phone with the Press Secretary for Office of the Director of National Intelligence.

If you don’t know what happened, several of us in the ‘security community’ simultaneously received unsolicited emails, claiming to be communication and a press release from the Office of the Director of National Intelligence (U.S.). In addition to the content of the email, which Jack so kindly posted in its entirety, there was a PDF attached. You can see the PDF online from DNI’s site.

After a few chats with folks, we were all wondering what the source of the email really was, and where the contact list had been pulled from. The entire thing was a bit suspicious, especially on the eves leading to RSA (or any security conference).

Our suspicions were confirmed. It’s all completely innocent. The DNI pulled the RSA Media Contact list to publish their press release. Evidently there were plans to send an introductory email, but time was short (I’m sure we all understand that), so the intro was omitted and the press release sent as-is.

I sent an inquiry to GovDelivery (the sending entity) which was quickly forwarded to the press office of DNI. Their representative was kind enough to immediately give me a call to confirm the communication was legit.

We had an interesting conversation. We- me, the paranoid security person, and he, the press person just trying to get the department’s news out. When he started to apologize for the unsolicited email, I stopped him to assure him I was less concerned with him having my email address, and more concerned that dozens of security specialists were unexpectedly contacted with a PDF attachment prior to a large security conference.

Although he didn’t immediately understand what the concern was in receiving this email, he was extremely polite and interested in ideas for (safely) contacting us security folk. I spent a few seconds explaining why we wouldn’t open attachments from unknown sources, and why we also would not be clicking on any links labeled ‘unsubscribe’ unless we were familiar with the source. As well as why calling the number on the same said email was not a suitable solution for us.

Yes, we’re all paranoid freaks. Well, those of us in the Security Bloggers Network, for sure. But hey, better safe than sorry, right?

# # #

Mar
25/09
Social Security Awards- Don’t be a hanging chad
Last Updated on Saturday, 28 January 2012 07:09
Written by jj
Wednesday, March 25th, 2009

So, maybe you’re a swinging chad or a tri-chad, and have several blogs you want to vote for? That’s fine. Just don’t be as indecisive as a pregnant chad- nobody likes a pregnant chad.

Feb
08/09
An Update from JJ
Last Updated on Sunday, 8 February 2009 07:06
Written by jj
Sunday, February 8th, 2009

I promised in 2009 I’d be a better blogger and I haven’t followed through on that quite yet, but hang in there. While I’ve been ‘not’ blogging, I have been working on a variety of customer projects, labs, getting our new engineers up to speed, running beta tests for partners and working out the upcoming calendar for presentations and speaking engagements.

Sure- they take away from blog-time, but it’s all these fun things that give me the ammunition for good blogs and while I have a LOT of them rattling around in my head, for the past several months, I’ve had just enough time to jot the gist down on a scratch pad before heading out to tackle the next ‘emergency’.

So what have I been doing? Well to start, during Q4 of 2008 and January of this year, our company hired three more engineers, an account manager and communications/marketing manager along with a couple of internal support personnel. Now instead of just keeping up with what I’m working on, I’ve been tasked with managing the majority of engineering resources and projects. You’ll probably hear more about the new hires and additional projects we’re taking on soon.

In addition to that, we’ve been running tests, betas and lab configurations for a variety of products from our partners. Again, when it’s time I’ll share more information on that. For now most information is on NDA. This is some of the fun stuff I get to do… pounding away on products in a lab without the repercussions of a production environment is like being able to draw all over your Mom’s white walls with Crayons. There’s something terribly fulfilling about it.

Of course I’m also working on materials for 2009 talks on the new (upcoming) 802.1X-Revision, which will have a huge impact on how organizations (especially government and enterprise) will design wired and wireless networks from here forward.

Outside of my regular duties at work, I’m very active in ISSA and was tapped to be the Chapter Development Chair and work with a team to carry out projects, trainings, membership outreach and special programs. That’s been going well and in January and February (so far) we’ve run recovery programs and reconnected with about 20% of past members, created a Raleigh ISSA Facebook community and are working on website and communications upgrades.

I’ve also been working out the 2009 schedule for conferences and speaking engagements. Obviously it’s only February 8th, so events past summer-ish are still not completely baked.

For now, here are some of the places you can find me…
(Up to date schedule maintained at http://securityuncorked.com/schedule/ )

 # # #

Oct
01/08
Support Me in my Walk to End Alzheimer’s!
Last Updated on Wednesday, 1 October 2008 12:05
Written by jj
Wednesday, October 1st, 2008

I try not to blog too much about personal life, because -well- I assume it’s probably not of interest to anyone. Today, I’m going to make an exception here for a good cause.

Unless you already knew me (pre-blogging) you probably don’t know I had one grandmother who went on to better places after our horrible struggle with Lou Gehrig’s Disease years ago. But that’s a whole ‘nuther discussion. What’s today about?

My second grandmother (and only living grandparent now) is suffering from another, more common, affliction – Alzheimer’s. In recognition of her great achievements, and in support of the other millions affected by this disease, we have gathered the troops and are participating in the 2008 Memory Walk.

Our team of about a dozen family members and friends will pound the pavement this Saturday, October 4th in Cary, NC in an effort to do our part!

Now, I will shamelessly ask for your support!

If you feel so compelled and want to join us, or donate online, PLEASE DO! Here’s how…

I have a dream, I have a goal and I think I have lots of really great readers who will throw in some love and donations. Even $1.00 or $5.00 is GREAT.

Granny Boop!

Here’s a photo of our Granny Boop with my cousin, Meredith, my Mom and me. (I think she looks mad because we took her chocolates away for the photo!)



# # #
