Malware that wants to stay – Some passive protection tricks

Hello again. I wanted to talk about some of the things that malware does to make itself hard to remove. Most Trojans are designed to work on an average XP workstation and make assumptions based on that – which typically breaks servers in rather nasty ways. I was recently looking at a Russian…


Small glitch – MS08-017 for Office 2000 is not currently downloadable

Hi folks. Just a quick heads up – we know that the link from the bulletin is broken. We had a problem with propagating out the file to the web farm (it is a big old webfarm) and so the file is not universally available just yet. We have a lot of operations guys running…


Firewalls and old school attacks

I saw a really old-fashioned denial of service attack today. A customer was concerned that they were seeing odd ICMP packets. ICMP is the protocol used for pings. Very few system admins bother to monitor them because they are generally rather dull. However, they used to be (and apparently still are) a denial of…

I passed my CISSP exam

Well, nothing like getting all of my news out of the way in one go. Because of my self-imposed rule that all blogs must have some technical content: Most bots don’t use hard-coded IP addresses for their command and control mechanism. Sometimes the engine of the bot is passed the IP address as a…

Testing times

Hello all. I am sorry that I haven’t blogged for a while. It has been a bit of a busy time. After developing all that training (and I would love to be able to say who the audience were but I really can’t), I was on the receiving end of some for a change….
