Security Blog

Written by
Chris Larsen
An interesting attack showed up in the logs this past weekend. The attack traffic was headed to rogue subdomains on a couple of sibling sites:
Written by
Waylon Grange
Recently, Google announced a new vulnerability in the SSL protocol used for web encryption. The vulnerability can only be triggered in a protocol from the 1990s, which has been replaced by more secure versions, yet 98% of all web servers still support using the older protocol. Here is why we should be less worried about backward compatibility and be more concerned with implementing stronger web security protocols.
Written by
Chris Larsen
Coincidentally, as I was winding up my trip to Japan -- doing a last look through the malware logs for something interesting before I went to bed -- I noticed a Japanese-looking domain name (kyokutou-tikka.com) showing up as a referrer into a malicious network. Sure enough, it was the site for a Japanese industrial company that specializes in metal treatment:
Written by
Kiel Wadner
There are two things I really enjoy about working in information security. One is the puzzle of connecting dots and looking for connections. It's like a whodunnit without looking at dead bodies! Second are the research connections between a variety of individuals and companies that occur. Sometimes officially and sometimes just getting ideas and pieces of the puzzle from each other. None of us see everything or have the whole picture.
Written by
Chris Larsen
As part of working on an update to the "Shade EXE Detector" module in WebPulse, I was reviewing different types of executables that come through our logs, and how they're disguised. One of the evil sites in the current catch-basket was this one: (As a scam, it looks pretty good, although one could quibble with their mistaken use of "employers" instead of "employees" in two places...)
Written by
Waylon Grange
Since the initial disclosure of CVE-2014-6271, further review has revealed four more vulnerabilities in bash that belong to the Shellshock family, namely, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, and CVE-2014-6277.