Symptom: Under some machine and network environments, the MAP Toolkit may cause the network to become saturated with activity and cause the machine running the MAP Toolkit to reboot. Cause: The MAP Toolkit has the ability to throttle itself on...(read more).. more »

Had to repost this awesome write-up from our fearless leader Chase: http://windowsteamblog.com/windows/b/springboard/archive/2012/04/11/data-data-everywhere-not-a-control-to-waste.aspx Rock on. -jeff...(read more).. more »

You’ve been asking for Exchange Server baselines. You’ve been waiting for the Windows 7 SP1 baseline update. They are all available now in SCM v2.5! SCM 2.5 includes a number of new and updated baselines, empowering you to manage configuration...(read more).. more »

In this blog, I will provide the step-by-step instructions to discover Oracle, MySQL, Sybase on Unix and Linux machines. Additional Resources: An overview of the MAP Toolkit: http://microsoft.com/map The Getting Started Guide : http://download.microsoft...(read more).. more »

  Summary: Since the number of products discovered across an enterprise can easily exceed the row limit in Excel, the MAP Toolkit does not currently have a builtin report to list the products like it does for other types of reports. However, you...(read more).. more »

There are two basic approaches to blocking malicious software – the same two approaches used for blocking spam. You can “blacklist” those programs (or that email) that is known or suspected to be bad and allow everything else. Or you can “whitelist” only those programs (or messages) that are known to be good/safe and block everything else. Ther.. more »

If your organization is running Apache web servers, you need to be sure they’re all fully updated with the latest patches. Here’s why: earlier this month, Arbor Networks reported that the latest version of a distributed denial of service (DDoS) bot named Armageddon is using the Apache Killer exploit – which targets a vulnerability in the Apache.. more »

Internet users’ mass protest against the SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act) was a big factor in the failure of those bills in the U.S. Congress – but the fight isn’t over. The White House is now publicly endorsing new legislation that targets “offshore copyright infringing web sites.” Many fear this is a rush job to try to get.. more »

No matter how vigilant you are about securing your own network, if you rely on third party vendors and services, to some extent security is out of your control. With more and more organizations putting some or all of their data and applications into the cloud, that paints a scary scenario. It may seem easier to outsource your IT services and let .. more »

FBI assistant executive director and cybercrime expert Shawn Henry warned recently in an interview that the U.S. is not winning the battle against cyber-criminals and that the current approach is “unsustainable.” The comments come at a time when Henry is Leaving the government to work in private industry. He recommends that companies change both.. more »

In this blog, I will provide the step-by-step instructions to discover SQL Server across the Enterprise.  See these resources for more information: An overview of the MAP Toolkit: http://microsoft.com/map The Getting Started Guide : http://download...(read more).. more »

We reported a while back that a security vulnerability had been discovered in some Hewlett-Packard LaserJet printers that could render them vulnerable to unauthorized access, although HP said there had been no real-world cases of such access occurring. The problem was that the software that enables updates over the Internet doesn’t verify the au.. more »

US-CERT has released a report on a vulnerability in Wi-Fi Protected Setup (WPS), a feature that makes it easier to set up wireless networks and devices, but – it turns out – can also expose them to the risk of an attacker gaining full access to the network by using a brute force attack to discover the PIN. WPS is a feature on many of today’s wirele.. more »

Revision Note: V1.0 (December 28, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft .. more »

$HOME_NET $HTTP_PORTS (msg:"DOS generic web server hashing collision attack"; flow:established,to_server; content:"Content-Type|3A| multipart/form-data"; nocase; http_header; pcre:"/(\r\nContent-Disposition\x3a\s+form-data\x3b[^\r\n]+\r\n\r\n.+?){500}/OPsmi"; reference:cve,2011-3414; .. more »

Severity Rating: Critical Revision Note: V1.0 (January 10, 2011): Bulletin published. Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an .. more »

Sometimes it seems as though cybersecurity is a little bit like the weather: everybody talks about it but nobody does anything about it. We might not be able to do much about the weather (although with some of today’s technology, that’s probably not as true as it once was) but we can do something to make our infrastructures more secure, and we even.. more »

It’s the nightmare scenario that every business fears: having your systems hacked and data stolen. It’s bad enough if it’s the company’s own sensitive information, such as trade secrets. But it can be even worse when it’s your customers’ data – especially credit card information – that’s exposed. Thousands of angry victims of identity theft who.. more »

Developers, developers, developers – they’re the ones who create the software that makes our computers do such amazing things, but they’re also the ones who (almost always unknowingly) build in vulnerabilities that attackers can take advantage of to attack our systems, bring down our networks and steal our data. Traditionally, developers haven’.. more »

any $HTTP_PORTS (msg:"Confirmed Microsoft 2659883 payload";flow:established,to_server;flowbits:isset,urlEncodedContentType;pcre:"/(\w*(&|=)){1000,}/smi";flowbits:unset,urlEncodedContentType; sid:1000020;rev:1;) The first rule will check for the content type “ ”. If it is present, the rule will set the flowbit “urlEncodedType”. If the urlEncod.. more »