http://www.secureworks.com/research/blog Information security analysis and commentary from the research team at SecureWorks. http://www.secureworks.com/research/blog/index.php/2008/11/18/first-atrivo-now-mccolo Security researchers have had a number of victories to celebrate recently. First Atrivo and now McColo have been disconnected from the Internet. This was done not by law enforcement or other governmental action, but rather by the concerted efforts of the Internet community. http://www.secureworks.com/research/blog/?p=129 http://www.secureworks.com/research/blog/index.php/2008/11/03/tracking-gimmiv On October 23, 2008, Microsoft released an out-of-cycle emergency patch for a flaw in the Windows RPC code. The reason for this unusual occurance was the discovery of a "zero-day" exploit being used in the wild by a worm (or trojan, depending on how you look at it). The announcement of a new remote exploit for unpatched Windows systems always raises tension levels among network administrators. The fact that this one was already being used by a worm evoked flashbacks of Blaster and Sasser and other previous threats that severely impacted the networked world. http://www.secureworks.com/research/blog/?p=128 http://www.secureworks.com/research/blog/index.php/2008/11/03/beginning-of-the-end-for-estdomains http://www.secureworks.com/research/blog/?p=127 http://www.secureworks.com/research/blog/index.php/2008/10/21/darkmarket-fbi-sting-closes-e-doors DarkMarket.ws (known in carding, identity theft, and other black-hat rings) went "Dark" earlier this month. DarkMarket was widely known and respected among criminals as a forum for exchanging stolen banking data, credit card information, and other underground activities. What users of the site didn't know was that the site wasn't really hosted by Eastern-European hackers. http://www.secureworks.com/research/blog/?p=126 http://www.secureworks.com/research/blog/index.php/2008/10/10/clickjacking-attacks ClickJacking has recently been getting lots of media attention. Security Researchers Robert Hansen ("RSnake") and Jeremiah Grossman planned to give a talk outlining this vulnerability at OWASP AppSec, but the talk was cancelled. At this point, some details have come to light. http://www.secureworks.com/research/blog/?p=125 http://www.secureworks.com/research/blog/index.php/2008/10/01/toorcon-report http://www.secureworks.com/research/blog/?p=123 http://www.secureworks.com/research/blog/index.php/2008/09/23/speaking-at-toorcon-this-weekend I have the honor of presenting at ToorCon X this coming weekend at the San Diego Convention Center. I will be delivering a new talk entitled âLoaded Dice: SSH Key Exchange & the OpenSSL PRNG Vulnâ at 2pm PDT on Saturday, September 27. http://www.secureworks.com/research/blog/?p=122 http://www.secureworks.com/research/blog/index.php/2008/09/22/droppin-some-hashes At SecureWorks, we follow a Responsible Disclosure Policy. As such, when we find vulnerabilities in other vendorsâ products or services, there is often a delay between the discovery and when we can publicly disclose the issue. http://www.secureworks.com/research/blog/?p=121 http://www.secureworks.com/research/blog/index.php/2008/09/16/bgp-in-the-news Border Gateway Protocol (BGP), the high level routing protocol that figures out how to route packets between ISPs and other large Internet entities, has been seeing a lot of press recently. While BGP is vitally important to the Internet, it's not often talked about in the mainstream press. However, two rather interesting security related issues have come up in the past few weeks. http://www.secureworks.com/research/blog/?p=119 http://www.secureworks.com/research/blog/index.php/2008/08/25/the-phish-that-bites-back We all get phishing emails. Some of us more than others, so it's no surprise that sometimes people take out their frustrations on the phishing form, letting the phisher know just what they think of him or her. http://www.secureworks.com/research/blog/?p=107