You can't depend on developers any more, they are just doing the shit the easy way, no code checking, no code assessment, the business needs are more important than spending hours and hours trying to figure out where are the bugs!??? 80% of web developers are just careless. My advise is keep your windows servers up-to-date. And deploy a web app firewall from vendors like F5 or Citrix. Blocking these kinds of attacks at the gateway is faster and will cover all of the vulnerable applications.
check out my blog here:
http://extremesecurity.blogspot.com/2008/04/un-site-took-injection.html
ISP's should enhance their services, buy installing a free antivirus on the customer computer, if it's not already protected by a one, to make their network cleaner. I have a good feeling, if ISP's give some attention to such services will make the Internet better. But leaving the careless, clueless end users alone, will increase the number of bots.
http://extremesecurity.blogspot.com/
Some ISP's block SMTP traffic from dsl users, but not for corporate users, which is necessary for their business needs. which allows bots to send spams also, the solution is allowing only specific mail servers from the corporate networks, like SPF. From my experience, firewall admins should take the blame also. coz, depending on (Allow Internal-to-Internet Any) approach will make them criminals by leaving the doors open for the Spammers! Always, review the FW rules & logs. Another problem, is contractors when they install the FW for the customer, to make their visit short and without problems, they allow every inbound/outbound ports to keep the customers services and chat software working! make them happy;)
End users are not always the blamed ones, I remember one case, that a sales guy installed a FW for a customer, and what he just did is, he turned-on the FW, and the power/status led's start blinking... without connecting any cables !!! then he told the poor IT guy that your network is protected now !!! WTF
http://extremesecurity.blogspot.com/
I think since Google has the technology to discover and index malware distributing sites, and they should provide a new feature which will put a small red warning beside malicious results. Like McAfee SiteAdvisor service dose. This will decrease the number of infected machines in the Internet, and this is very easy to be noticed by novice users.
ExtremeSecurity Blog Admin
http://extremesecurity.blogspot.com/
Slashdot Mirror
Did Downadup/conficker attack your network? I've created a batch file for system administrators to clean/patch/cure infected systems in their networks. check it out here: http://extremesecurity.blogspot.com/2009/01/beat-downadupconficker-like-pro-my.html
You can't depend on developers any more, they are just doing the shit the easy way, no code checking, no code assessment, the business needs are more important than spending hours and hours trying to figure out where are the bugs!??? 80% of web developers are just careless. My advise is keep your windows servers up-to-date. And deploy a web app firewall from vendors like F5 or Citrix. Blocking these kinds of attacks at the gateway is faster and will cover all of the vulnerable applications. check out my blog here: http://extremesecurity.blogspot.com/2008/04/un-site-took-injection.html
System admins should be ready to prevent their clients from getting exploited and redirected to those malicious domains. check here: http://extremesecurity.blogspot.com/2008/03/iframe-attacks-actions-to-be-taken.html
System admins should be ready to prevent their clients from getting exploited and redirected to those malicious domains. check here: http://extremesecurity.blogspot.com/2008/03/iframe-attacks-actions-to-be-taken.html
ISP's should enhance their services, buy installing a free antivirus on the customer computer, if it's not already protected by a one, to make their network cleaner. I have a good feeling, if ISP's give some attention to such services will make the Internet better. But leaving the careless, clueless end users alone, will increase the number of bots. http://extremesecurity.blogspot.com/
Some ISP's block SMTP traffic from dsl users, but not for corporate users, which is necessary for their business needs. which allows bots to send spams also, the solution is allowing only specific mail servers from the corporate networks, like SPF. From my experience, firewall admins should take the blame also. coz, depending on (Allow Internal-to-Internet Any) approach will make them criminals by leaving the doors open for the Spammers! Always, review the FW rules & logs. Another problem, is contractors when they install the FW for the customer, to make their visit short and without problems, they allow every inbound/outbound ports to keep the customers services and chat software working! make them happy ;)
End users are not always the blamed ones, I remember one case, that a sales guy installed a FW for a customer, and what he just did is, he turned-on the FW, and the power/status led's start blinking ... without connecting any cables !!! then he told the poor IT guy that your network is protected now !!! WTF
http://extremesecurity.blogspot.com/
Hi, You can visit http://malwaredomains.com/ and get the DNS/HOSTFILE blacklists and use them to prevent local machines from accessing these domains. Check my post here about this technique: http://extremesecurity.blogspot.com/2008/03/dns-redirection-techniques.html
Good Luck
extremeSecurity.blogspot.com
Firefox 3 has NoScript as a built-in feature ... ;)
http://extremesecurity.blogspot.com/
1) Deploy network IPS 2) Deploy HIPS 3) Deploy Anti virus solution (symantec, kaspersky, trend micro) 4) Firewall Rules 5) Windows WSUS (updates) 6) Switch IDS cards (Cisco) 7) Sniff and monitor high traffic utilization 8) Internet Content filtering (ex. WebSense + the advanced protection option to filter requests to infected hosts) 9) Good Anti Spam solution (ex. Borderware MXstream) 10) Educate users ExtremeSecurity Blog Admin http://extremesecurity.blogspot.com/
I think since Google has the technology to discover and index malware distributing sites, and they should provide a new feature which will put a small red warning beside malicious results. Like McAfee SiteAdvisor service dose. This will decrease the number of infected machines in the Internet, and this is very easy to be noticed by novice users. ExtremeSecurity Blog Admin http://extremesecurity.blogspot.com/