security

April 30, 2013

SECURITY

Tools of the Trade: The Compressed Pcap Packet Indexing Program

15 min read

The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts.

April 24, 2013

SECURITY

Possible Exploit Vector for DarkLeech Compromises

1 min read

Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server: The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username […]

April 22, 2013

SECURITY

CVRF: A Penny For Your Thoughts

1 min read

The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in […]

April 19, 2013

SECURITY

Security Automation Live Webcast!

1 min read

UPDATE: Webcast information is also now available at the Cisco Live 365 site Many network security administrators are struggling to keep their network “up-to-date” with the constant release of new vulnerabilities and software fixes. At the same time, they’re under pressure to provide near 100% availability of key business services and systems. Every time a […]

April 18, 2013

SECURITY

Yesterday Boston, Today Waco, Tomorrow Malware

1 min read

At 10:30 UTC one of the botnet spam campaigns we discussed yesterday took a shift to focus on the recent explosion in Texas. The miscreants responded to the tragic events in Texas almost immediately. The volume of the attack is similar to what we witnessed yesterday with the maximum volume peaking above 50% of all spam sent. We've seen 23 unique sites hosting the malware. This is an attempt to grow the botnet.

April 16, 2013

SECURITY

Embracing Security Related User Groups

2 min read

Security is a tough nut that can’t be cracked by one alone—neither technology nor research, neither corporations nor start-ups, and neither products nor processes. None of these alone can crack the security nut. The most important part of the problem and solution is people! Nothing beats the efforts of few passionate people collaborating for a cause.

April 15, 2013

SECURITY

Cisco Security Disclosure: Help Us Help You!

2 min read

The decision to deliver the biannual (on the fourth Wednesday of every March and September) Cisco IOS Software Security Advisory Bundled Publication brought with it many challenges, process changes, and—in the end—a format for Cisco Vulnerability Disclosure that we hope addresses at least some of your concerns. What we would like to get now is feedback from our customers on how the bundle delivery format has changed your lives (well, at least during working hours!), for better or for worse, when it comes to dealing with Cisco PSIRT security vulnerabilities identified in your Cisco IOS environment. The information you provide in this survey will help Cisco to continue to evolve our vulnerability disclosure process to address your challenges and concerns, just as we did back in 2008 when we listened to you and developed the Cisco IOS Software Security Advisory bundle process.

April 9, 2013

SECURITY

Tips and Tricks: Nmap is still relevant

6 min read

This post provides an overview of the Nmap scanning tool, specifically the improvements made to Nmap version 6.25, and covers three tips to help users unlock some of the benefits of Nmap 6.25: automating the scanner, identifying and discovering vulnerable services on your networkk, and good old-fashioned plain vanilla scanning.

April 8, 2013

GOVERNMENT

Cisco ASA Family receives FIPS 140-2 Certification!

1 min read

The Global Certification Team is proud to announce the FIPS 140-2 crypto certification of the Cisco Adaptive Security Appliance (ASA) family.  This certification covered the following models: Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances.  The ASA’s were evaluated at […]