Proactive IT Security

Security Blog [EN]

Latest blog entries

Who is connected to whom?

I am currently working on a few presentations that I will give in the upcoming weeks. One of them will touch on correlating data, and it actually gives some interesting information. Using some older data to demonstrate this, in 2007 I made a screen dump from our Analysis Desktop's Botnet database, in particular from a (at that time) new botnet. It showed that we had 3 different pieces of unique malware all connecting to the same channel (Matrizzz) of the botnet on the same C&C server.


DLL HiJacking… And now what?!?

Much has been written about it already, so I will keep it short on what it exactly involves.
Basically, whenever an application wants to load a DLL, it can do so with an absolute path (a full pathname such as "c:\windows\system32\dllname.dll") or a relative one ("dllname.dll"). In the latter case, Windows searches a predefined sequence of directories to locate and load the requested DLL, which is exactly what makes the order of that search security-relevant.

Taken from David LeBlanc’s blog, the sequence is:


One Bad Apple

If it were up to me
I'd say just leave me be
Why let one bad apple
Spoil the whole damn bunch

The text above is from Guns N' Roses' 'Bad Apples', and it seems an appropriate summary of what happened to Guns N' Roses singer Axl Rose's Twitter account last Sunday.

The following message was tweeted:

All upcoming Guns N' Roses dates are officially cancelled. Please contact your place of purchase for any refunds.


Internet 2.0?

Wikipedia defines net neutrality as

(...) a principle proposed for user access networks participating in the Internet that advocates no restrictions by Internet Service Providers and governments on content, sites, platforms, on the kinds of equipment that may be attached, and no restrictions on the modes of communication allowed.

Other definitions exist, but the general consensus is that the term should ensure that 

Blog tags: New trends

No patch for serious vulnerability in Windows XP SP2 - ever

On 13 July this year Microsoft ended its support for 32-bit Windows XP Service Pack 2. This was announced a long time ago and should come as no surprise. Nevertheless, it is a known fact that there are still lots of users who have not upgraded to Windows XP Service Pack 3 or a newer version of the Windows operating system.

Almost at the same time that support for Windows XP SP2 ended, information about a zero-day vulnerability in all current Windows versions was published. Several malware authors started using exploits for this vulnerability in their malware, and it was viewed as very dangerous. Microsoft regarded this as unusually serious, and accordingly released an out-of-band security update on 2 August for all supported operating systems.
Supported is the operative word here, as Windows XP SP2 was no longer supported at this point in time. Users of this operating system therefore remain vulnerable to malware exploiting this vulnerability, as well as to all future exploits of vulnerabilities in Windows XP SP2, which Microsoft will not fix.


Exploring Old Computing Integrity Strategies

For years, encapsulating computing operations by separating and hiding functionality has been encouraged as a way to maintain integrity. Meanwhile, personal computing technologies have intertwined our daily functions onto one computing platform. Banking, gambling, mailing, and other daily activities are all performed on one machine over a single line of communications.

Lately I've encountered several critical network infrastructures that haven't merged abstract functionality onto mainstream technology platforms. In the interest of redundancy, machines perform a single function or only a few, operated and managed by simple custom operating system platforms. Production is designed to keep functioning as long as there is a power source. Complex mainstream platforms like Windows and Linux are used only for analyzing data exported from the production lines. As a result, such environments have remained largely unaffected by security threats that depend on mainstream software. Of course, any environment controlled by, or actively interacting with, Windows or other mainstream platforms must still be covered by production network protection initiatives.
