posted on September 19, 2009 11:48 PM


filed in: Uncategorized

Beyond Ports and Protocols

Often we talk about how destination port is not an accurate classification for controlling network traffic. At this point, hopefully that is obvious. Everyone knows that just about anything can get out of an enterprise network via port 80 or 443. Lately I have had several discussions with customers curious about protocol validation and ensuring that only “valid” traffic is being allowed. Being “valid” has become a mostly useless concept. How do you control traffic on 80 and 443? You put in a proxy, right? Hmm. That is useful if you want to make sure non-HTTP applications do not take advantage of a firewall policy that allows 80 and 443 out of the network. However, it is clearly not that simple – and it is not just HTTP that is the issue.


posted on September 16, 2009 3:14 PM


filed in: Uncategorized

More Control for Facebook

Mafia Wars.  FarmVille.  YoVille.  PetSociety.  Hot or Not.  Texas Hold ‘Em.

Many of you will have played, or seen updates from your friends on the above games – they represent some of the most popular applications on Facebook.  Some of my friends talk about “lost weekends” with various Facebook games, where they get so involved in online play, hours or days go by without pause – and as a result, my news feed is peppered with evidence of their progress in this month’s hottest game.


posted on September 11, 2009 10:19 PM


filed in: Threat Advisories - Advisories

Microsoft SMB2 Vulnerability

Microsoft has announced an out-of-band release for a vulnerability (CVE-2009-3103) in the SMB2 protocol which exposes Windows Server 2008 and Windows Vista users to possible remote code execution attacks. It does not appear that Windows 2000 and Windows XP are affected because they do not have the vulnerable SMB2 driver. The vulnerability is labeled as critical and there is publicly available exploit code. The vulnerability is an index error in the SMB2 protocol implementation in srv2.sys, which allows remote attackers to either cause a denial of service or execute remote code on a vulnerable system through an ampersand (&) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet. This triggers an attempted dereference of an out-of-bounds memory location.

