Comments for sudosecure.net

Comment on Silly Network Printer Fun by Franc

Franc — Sat, 20 Mar 2010 20:29:50 +0000

Couple of points.

Most printers will stop when the bin fills up so it’w will not be the mess as you pictured it (and good thing they do or our office would be a mess sometimes

What i do in these cases is pick a random port and translate it back to 9100. Not 100% safe but less likely to be discoverd.

In windows you can change the port in the raw settings of the tcp/ip port

did not know about the raw dump anything you want trick though

Comment on Monitoring the Waledac Zombies by ESET Latinoamérica – Laboratorio » Blog Archive » Dos redes botnets desaparecen: adios Waledac y Mariposa

Wed, 03 Mar 2010 15:53:27 +0000

[...] destacar que, según el portal sudosecure.net, las medidas han sido exitosas y se ha notado un decremento importante en la actividad de la [...]

Comment on New StormCodec.exe and StormCodec8.exe offered free of charge via the Storm Worm by azza

azza — Sun, 06 Dec 2009 21:17:53 +0000

i like that program thank u

Comment on Storm Worm Morphs to only serve exploits by Anti-Virus & Anti-Malware website. » New Storm Moving In – Presumably for Mother’s Day

Sun, 06 Dec 2009 04:20:52 +0000

[...] Jeremy over at sudosecure.net has posted some more info here. [...]

Comment on Storm Worm – Go away, we’re not home by TheCatcher

TheCatcher — Sat, 31 Oct 2009 04:07:47 +0000

I found an additional source of the “Go Away, We’re not home messages”…

When I use the firewall on my AT&T 2Wire Router to block a ports, it respnds to queries on the blocked ports with a forged TCP/IP response from the intended recipient with a payload of “Go Away, We’re not home.”

Comment on Storm Worm spam modifications contain email addresses by BSK

BSK — Thu, 17 Sep 2009 13:45:43 +0000

Please remove my email adress you have listed above. That spam was not sent by me and I’m sorry I didn’t read through the nearly 33,000 failure notifications I recvd to respond to your email. That is my active acct and listing it is only generating more spam for me to recv.

Comment on Storm Worm – Go away, we’re not home by Of Bytes and Badges » Downadup / Conficker: the Storm on the Horizon

Of Bytes and Badges » Downadup / Conficker: the Storm on the Horizon — Fri, 11 Sep 2009 18:17:29 +0000

[...] the Storm Worm now in decline (perhaps pushed-aside for its creators’ new project, Waledec, responsible for a host of fake [...]

Comment on Emerging Threats: Exactly What A Collaborative Security Community Should Be! by Matt Jonkman

Matt Jonkman — Wed, 02 Sep 2009 14:50:22 +0000

ET Rocks!!!

Appreciate the complements Jeremy. ET is great because of the users, I just herd the signatures into their respective pens!

To answer a couple questions up there:
1. I left and let bleeding snort die because of a license conflict that was about to arise with a sponsor. I let a sponsor get too cozy and they tried to take advantage. Moving was the cleanest way to nip that in the bud. Worked out for the best as that left the new project unemcumbered and we were able to secure grant funding from the NSF (National Science Foundation) and the Army Research Office. We’re in a better place now, and are absolutely stable for the long term.

2. OISF. We’re a good way into the development of the new IDS engine. We have about 15 guys on staff, the best and the brightest from all around the world. Ivan Ristic of Mod Security is writing our HTTP parser for example. I doubt there’s a person on the planet more qualified. We have on staff Brazilians, Indians, Brits, Dutch, Americans, Spaniards, you name it. We’ve dug up the best of the best regardless of where they are. And we need a few more by the way if anyone is interested in contract work.

We will have a production release of the engine with it’s phase one features on or before December 31 2009. It’s a very aggressive development schedule, but DHS has been very generous in their support, and we’ve got a team of coders and staff that just can’t be beat!

Thanks again Jeremy for the good words, but the community is what it is because of you and all the other sig submitters and reviewers!

Matt

Comment on Brainbench.com Assessment Engine JavaScript Injection Vulnerability by jeremy

jeremy — Tue, 21 Jul 2009 15:08:09 +0000

Thanks for the response Brainbench TS! I am glad to hear you all are tracking this some how on the backend admin reports. I would question these reports a little though, as I have used this hack to take well over the time limit and still received the official certification on more than one occasion, but at least it is a good start to fixing the issue at hand.

Comment on Brainbench.com Assessment Engine JavaScript Injection Vulnerability by Brainbench TS

Brainbench TS — Tue, 21 Jul 2009 13:59:51 +0000

Thanks for your findings. We have received your emails, and we have looked into the issue. While your finding is accurate, it should be noted that the Brainbench assessments are intended to be open book technical knowledge tests with the time being an indicator of that knowledge. While the client side timer is used to eliminate server and network latency, it is not the only time reported to administrators. In fact, the example you use below would be indicated as cheating in the admin’s report. Click here.

PreVisor takes these issues seriously and is constantly looking for better ways to secure our content and systems. This issue will be addressed in future releases.

PreVisor Technical Support