Thursday, October 23, 2008

Out-of-cycle patch from Microsoft

Microsoft released MS 08-067 as an emergency patch today. The Internet Storm Center has more information.

The big question I always ask with any MS patch is: is it 'wormable'? Could a self-propagating worm be written to exploit this vulnerability, and automatically infect remote systems? We haven't had a widespread one in a few years (going back to the Blaster and Sasser outbreaks).

Based on the patch MS08-067 replaces, MS06-040, my thinking is 'probably wormable'. A variant of the Mocbot bot/worm exploited MS06-040.

My advice: patch now.

Monday, October 20, 2008


Just a quick note to say I'll be delivering a talk at SANS CDI this December, titled Visualization of Network Attacks.

Sunday, October 05, 2008

CISSP in Pittsburgh

I just got back from teaching MGT 414 in Pittsbugh, PA. I taught on short notice, didn't book my plane,. etc., until 2 days before my flight.

I had never been to Pittsbugh before, so it was nice to check out the city. Steeler mania is certainly in full swing. I was also lectured on the wisdom of the Jason Bay trade from a cabbie (who took offense when I mentioned I 'missed' Manny). Both have been clutch in the postseason thus far, so I can't argue.

The nice thing about the Community SANS courses is the smaller classes allow a lot of networking between students.

I had a great time with the students; one student happened to live across the street from the hotel, and threw a dinner party for the class on Friday night. I can honestly say that a home-cooked meal is worth its weight in gold while on the road. Thanks, Nicole!