Archive for the 'Intrusion Detection/Prevention' Category



SANS is reporting a targeted attack against a particular company.  This attack begins with email from a domain that closely resembles the company’s own domain, so that it appears to be an internal email.  The attached Word file uses an undisclosed exploit to extract and execute a Trojan.  Another interesting bit is that it overwrites the [...]
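The lookalike-sender-domain trick described above is cheap to check for at the mail gateway or in a SIEM. The following is an added example written for this page (not code from SANS or from the original post): it pulls the sender domain out of a From: header and flags domains that are not the company's own but resemble it by a confusable-character substitution, a swapped TLD, a small edit distance, or by embedding the real domain as a subdomain. The legitimate domain `example.com`, the `CONFUSABLES` table and the sample headers are all assumptions constructed for the example.

```python
"""Flag email whose sender domain resembles, but is not, the company's own.

Added example, not from the original post. The legitimate domain,
the confusable table and the sample headers below are all assumed.
"""
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the company's real domain

# Visual substitutions commonly used in lookalike domains (assumed table).
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "5": "s"}

# Constructed sample From: headers for the demonstration.
SAMPLE_HEADERS = [
    "HR <hr@example.com>",              # genuine
    "IT Helpdesk <it@examp1e.com>",     # digit one for letter l
    "Payroll <payroll@example.net>",    # same label, different TLD
    "Bob <bob@mail.example.com>",       # genuine subdomain
    "Newsletter <news@gmail.com>",      # unrelated, should not be flagged
]


def normalize(label: str) -> str:
    """Fold confusable character sequences to the letters they imitate."""
    out = label.lower()
    for src, dst in CONFUSABLES.items():
        out = out.replace(src, dst)
    return out


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute, each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the domain part of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().strip(".")


def is_lookalike(domain: str, legit: str = COMPANY_DOMAIN, max_dist: int = 2) -> bool:
    """True when domain is not the legitimate domain (or one of its
    subdomains) but resembles it closely enough to fool a reader."""
    if domain == legit or domain.endswith("." + legit):
        return False                      # genuine domain or its subdomain
    if domain.startswith(legit + "."):
        return True                       # e.g. example.com.evil.net
    d_label, d_tld = domain.rsplit(".", 1) if "." in domain else (domain, "")
    l_label, l_tld = legit.rsplit(".", 1)
    if d_label == l_label and d_tld != l_tld:
        return True                       # example.net, example.org ...
    if normalize(d_label) == l_label:
        return True                       # examp1e.com, exarnple.com ...
    return levenshtein(d_label, l_label) <= max_dist   # exampel.com ...


def flag_messages(headers):
    """Return (domain, header) for each From: header with a lookalike domain."""
    return [(sender_domain(h), h) for h in headers if is_lookalike(sender_domain(h))]


if __name__ == "__main__":
    for domain, header in flag_messages(SAMPLE_HEADERS):
        print(f"LOOKALIKE {domain!r}: {header}")
```

The edit-distance threshold is the knob to tune: 2 catches transpositions and single typos in a seven-letter label without flagging unrelated domains, but for a short company label you will want to drop it to 1 or rely on the confusable and TLD checks alone.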

FaceTime has released their report analyzing attacks via IM, P2P, and Chat vectors. One thing I like about this report is that it’s fresh, comparing the 1st quarter of 2006 with all of 2005. FaceTime offers security appliances with a very specific focus, which is, surprise, the same areas highlighted in the above report: [...]

Mike Rothman posted an article on Skype and the need to control it in many environments.  His opinion is that it will be very difficult to control on the network side of things, and he recommends controlling it at the endpoint.  I thought it would be a good time to bring out that SonicWALL is very [...]

Here’s the deal. I do get irritated with the ‘media’ and ‘hype’. Because I’m in the network security arena, I frequently ask myself, is all the press about network attacks legitimate? Are the fears justified? Then I see something like this that settles it in my mind.
Some of you may remember [...]

Another week, another Highly Critical IE vulnerability published by Secunia.
Secunia - Advisories - Microsoft Internet Explorer “createTextRange()” Code Execution
I recommend monitoring SANS for exploits of this vulnerability and Microsoft patch announcements.
SANS Internet Storm Center - New IE Vulnerability

The Privacy Rights Clearinghouse has a Chronology of Data Breaches since the first ChoicePoint incident in February 2005.  I spent some time grouping the breaches into some similar categories and analyzing the cause of the breaches.  This analysis covers the reported incidents from February 15, 2005 through March 14, 2006.
The categories I used are:

Backup Loss [...]

And along with the BC Government problems, we see that a Chinese bank’s server network was compromised as a launching pad for a phishing scam.  Again, the Chinese bank’s data wasn’t the primary target.  The phishers just wanted to use their network to host the phishing site, which then relayed your personal info [...]

This article in the Vancouver Sun describes how 78 computers inside British Columbia’s government network were compromised.  The important thing to note here is that they were not attacked for the data that they held.  In fact, it appears that no information was stolen from these servers.
They were used to store downloaded movies and “‘hacker’ [...]