Reading 10/8/14

The SANS Stormcast mentioned the Cuckoo Sandbox for malware research, so I took a few minutes and checked it out.  Based on the About and FAQ pages, this looks like a VM style sandbox to document what malware is actually doing to a Windows machine.  How it works – I don’t know as I went tl;dr on it.  If you are interested in malware forensics, this bad boy might be just what you needed.
VMSA-2014-0010 is now at revision nine, and the product list is as long as your arm.  If you haven’t checked on your VMWare products to see if they need a patch for bash, now is the time.
Google Releases Security Updates for Chrome and Chrome OS – Looks like a new patch for Chrome!
Oracle also released patches for the Bash vulnerability to their product line.  It doesn’t look like non-OS level products are affected such as the app and database servers.  Their appliances, Solaris, and Linux products all need patches.
Belkin Router Owners Suffering Massive Outages – The root cause of the problem is Belkin pinging a server on their own network to determine if the Internet is up, and preventing the device from routing otherwise.  Why would one prevent routing on a consumer-grade device connected to an ISP if your site is down?  The customer’s ISP is likely up and running, so why should they not be able to use your product?  This is why I steer people far away from any network-related Belkin products.  That being said, I do love their Bluetooth CarAudio Connect MAX product. 
SSDP Reflection Attacks Spike in Q3: Arbor Networks – DDoSers are finding new ways to bring you down.  Employ multiple protection schemes!
ARE YOU THREATENING ME? A TUTORIAL ON THREAT MODELING – This looks like a good starter on threat modeling, but I need to go back and re-read it.
SAFER ONLINE SURFING: SECURITY TIPS FOR NON-TECHIES – Also a very good write-up to encourage people to be more secure.
Watched the SANS Webcast “Securing The Human in EMEA – Next Generation Awareness Programs” – if you didn’t watch it live, definately go back and rewatch it.  One of my goals is to create a comprehensive awareness program at work, but it’s not as easy as it seems.
DoJ: Law Enforcement Can Impersonate People On Facebook – just scary

Leave a Reply

Your email address will not be published. Required fields are marked *