Slashdot Mirror

← Back to Domains

Domain: dshield.org

Stories and comments across the archive that link to dshield.org.

Stories · 13

  1. Researchers Create Highly Predictive Blacklists

    Tech · Security · · posted by samzenpus · from the evil-detector dept. · 71 comments
    Grablets writes "Using a link analysis algorithm similar to Google PageRank, researchers at the SANS Institute and SRI International have created a new Internet network defense service that rethinks the way network blacklists are formulated and distributed. The service, called Highly Predictive Blacklisting, exploits the relationships between networks that have been attacked by similar Internet sources as a means for predicting which attack sources are likely to attack which networks in the future. A free experimental version is currently available."

  2. Sony, Amazon Detail Rootkit CD Buybacks

    Yro · Business · · posted by Zonk · from the finally-some-customer-service dept. · 240 comments
    An anonymous reader writes "Washingtonpost.com is reporting that Sony BMG today detailed a program that should allow customers who bought one of the 52 titles known to be tainted with the company's deeply flawed anti-piracy software to exchange them for CDs of the same title, sans rootkit of course. Oddly enough, Sony is offering those who want to return the CDs the chance to download MP3 versions of the discs, but only after Sony has received the returned discs. Amazon.com also is sending out e-mails to customers who bought the discs, offering to replace or refund them at no cost."

  3. GDI Vulnerabilities: An Open Letter to Microsoft

    It · Security · · posted by michael · from the your-call-is-important-to-them dept. · 444 comments
    UnderAttack writes "Tom Liston, the guy that brought us the LaBrea Tarpit, wrote an open letter to Microsoft regarding the GDI JPEG vulnerability, and Microsoft's scanning tool for this vulnerability, which he calls 'worse then useless'. Tom, who wrote his own scanning tool, ends his letter with 'Please stop treating your customers like idiots and give us information; information that we can use.' Like Tom explains, the official Microsoft scanning tool misses a lot of vulnerable DLL's installed by third parties, and Microsoft fails to explain if these libraries are a problem or not."

  4. New SANS/FBI Top 20 List

    Developers · Security · · posted by timothy · from the reverse-pecking-order dept. · 199 comments
    An anonymous reader submits "The SANS Institute (together with the FBI) published today an updated version of its list of The Twenty Most Critical Internet Security Vulnerabilities. As usual, part of the news is that not too much has changed. The list is split into 10 Unix and 10 Windows vulnerabilities. Leaders are BIND and IIS (last year it was RPC on the Unix side). But some issues (weak passwords) made it into both lists. For last years version, see here. In addition to this list, and a lot of other stuff, the SANS institute is behind DShield and the Internet Storm Center."

  5. Should ISPs Be The Little Man's Firewall?

    It · Security · · posted by timothy · from the then-the-spammers-have-won dept. · 790 comments
    Anonymous Coward writes "In a paper published today, the point is made that ISPs should filter some ports (e.g. 135) for good. I guess given what everyone sees hitting their various firewalls these days, this may make sense. But wasn't the Internet supposed to be 'open' at one point? Or are we to the point where Internet=Web (and maybe AIM). The author of the paper is operating DShield and I guess has some insight into this issue. He made the same points before on various mailing lists."

  6. RPC DCOM Cleanup Worm Appears

    It · Security · · posted by simoniker · from the someone-with-twisted-sense-of-humor dept. · 758 comments
    UnderAttack writes "This morning, the SANS Internet Storm Center posted a note about an increase in ICMP traffic, including a quick initial analysis. As it turns out, yet another worm, this time the W32/Nachi.worm, is going around taking advantage of the RPC DCOM vulnerability. The twist this time: the worm will actually clean up machines. It tries to download the correct patches from Windows Update and remove the Blaster worm."

  7. Fizzer Worm Uninstalling Itself

    It · Internet · · posted by CowboyNeal · from the sigh-of-relief dept. · 434 comments
    boredMDer writes "According to a recent update on the Dshield.org mailing list, apparently the Fizzer Task Force has gained control of the Geocities webpage from which Fizzer updates itself. From an IRC-Security mailing list: 'We have also postted a Fizzer cleaner to the actual URL that the bot downloads its updates from, as a self extracting and running executable.' The Fizzer-uninstaller posted there creates the file '%WinDir%\uninstall.pky', which then causes Fizzer to remove all of its registry keys. Looks like the Fizzer worm will soon come to an end."

  8. Federal NOC To Be Modeled After Incidents.org / DS

    It · Security · · posted by timothy · from the why-not-just-send-incidents-some-cash dept. · 30 comments
    An anonymous reader writes "Computerworld is covering in more detail the new Federal 'Cybersecurity Center.' The article explains that unlike some earlier rumors indicated, the center will not try to build a super-carnivore, but instead use voluntary reports. It will be similar to the SANS Institute's Internet Storm Center, which summarizes contributions submitted to DShield.org. This system of voluntary contributors has been shown to be effective in the past by issuing early warning for a number of major Internet worms, like Code Red, Ramen and SQLSnake. Unlike Symantec's 'for pay ' Deep Sight service, which publishes alerts only to paying members, Incidents.org is a free service."

  9. Internet Storm Center Tracks Hack Attacks

    Internet · · posted by ryuzaki0 · from the graphic-violence dept. · 55 comments
    An Anonymous Coward writes: "It looks like Incidents.org has a new offspring, the Internet Storm Center. The internet storm center uses data from DShield.org to track hack attacks all over the world. Some of the interesting trivia: While usually, China has a bad reputation for the volume of attack coming from it, the US outpaces China by a lot. Actually, China only comes in at #6. So much for the great security boost the US gets from using genuine Microsoft software."

  10. PHP Security & Exploit

    Developers · Php · · posted by Hemos · from the fixing-it dept. · 28 comments
    Anonymous Coward writes "It looks like after a few weeks of rumors, an exploit for PHP/Apache under Linux surfaced. Luckily, PHP.net has the patch ready to go. While the export only claims to work for PHP up to 4.0.5, php.net also releases a patch for 4.1.1, the (until yesterday), latest version of php. This patch makes a small edition to the part of the source code (rfc1867.c) that is used by the exploit."

  11. PHP Security & Exploit

    Developers · Php · · posted by Hemos · from the fixing-it dept. · 28 comments
    Anonymous Coward writes "It looks like after a few weeks of rumors, an exploit for PHP/Apache under Linux surfaced. Luckily, PHP.net has the patch ready to go. While the export only claims to work for PHP up to 4.0.5, php.net also releases a patch for 4.1.1, the (until yesterday), latest version of php. This patch makes a small edition to the part of the source code (rfc1867.c) that is used by the exploit."

  12. Collecting Logs from Firewalls to Detect Crackers

    Internet · · posted by ryuzaki0 · from the interesting-ideas dept. · 138 comments
    Anonymous Coward writes "There is now a site dshield.org which collects firewall log excerpts to summarize and organize them in a database. The point is to single out script kiddies that scan large IP segments. It could all end up saving ISPs a lot of time running after / responding to gazillions of reports from users. Interesting: Right now, IPs used by @Home and RoadRunner to scan their users top the list. The site is only up for a couple of days. but already quite a bid of data has been collected. There is a little perl script that will automatically send Linux kernel log excerpts (ipchains style) to the sytem. ZoneAlarm logs can be processed as well."

  13. Collecting Logs from Firewalls to Detect Crackers

    Internet · · posted by ryuzaki0 · from the interesting-ideas dept. · 138 comments
    Anonymous Coward writes "There is now a site dshield.org which collects firewall log excerpts to summarize and organize them in a database. The point is to single out script kiddies that scan large IP segments. It could all end up saving ISPs a lot of time running after / responding to gazillions of reports from users. Interesting: Right now, IPs used by @Home and RoadRunner to scan their users top the list. The site is only up for a couple of days. but already quite a bid of data has been collected. There is a little perl script that will automatically send Linux kernel log excerpts (ipchains style) to the sytem. ZoneAlarm logs can be processed as well."