I have no sympathy…

If you are still allowing executable attachments past your mail server, then you deserve whatever malware gets into your systems.

Yesterday, VNUNET.com reported the following (possibly FUD?): (more…)

Why system hardening is critical

Jeremiah Grossman has made a good point that your public-facing web servers shouldn’t be secured using the ‘low hanging fruit’ technique. In this technique, you scan your network and remedy all the obvious vulnerabilities, such as missing patches and unnecessary services listening on the network.

While this works great as a starting point in your network lock-down, it isn’t a good approach to securing a web server. (more…)

Learning from our mistakes

One of my favorite quotes is: “Those who cannot learn from history are doomed to repeat it.”

90% of the malware floating around the internet today is regurgitated, canned attacks with only slight variations. So if we learn from history we’ll know that: (more…)

Defense in depth

Sifting through the logs of my HIPS software this morning revealed an odd application on one of my hosts trying to get out to the Internet.

The file ‘C:\windows\system32\svohost.exe’ is associated with a couple of different trojans, but our AV software wasn’t picking it up as anything malicious, so I uploaded it to VirusTotal.com and had it scanned by 26 different AV engines. Only five of them detected anything malicious. (more…)

Pay It Forward: Don’t get lazy!

I was brutally reminded yesterday how important it is to keep an eye on things when you are updating systems rapidly. (more…)