CERT/CC Blog

A few years ago, I published a blog entry called Signed Java Applet Security: Worse than ActiveX? In that entry, I explained the problems that arise when a vulnerability is discovered in a signed Java applet. Let's see how the Cisco AnyConnect vulnerability is affected.

The CERT Network Situational Awareness (NetSA) team, specifically our talented and hard-working intern Matthew Heckathorn under Sid Faber's guidance, has published an SEI Technical Report on monitoring web-based threats.

Hello folks.  This post comes to you courtesy of Ed Stoner and Aaron Shelmire from the Network Situational Awareness group at CERT.  They write:

Recently there have been some statistics published on botnet Command & Control (C2) channels. These statistics claim that 94.58% of botnet C2 channels are under the .com top level domain (TLD). While it's impossible to accurately comment on those statistics without knowing the methodology used to arrive at them, we at CERT have been doing research concerning malicious domain names that arrives at a different result.

The Kill-Bit (or "killbit") is a Microsoft Windows registry value that prevents an ActiveX control from being used by Internet Explorer. More information is available in Microsoft KB article 240797. If a vulnerability is discovered in an ActiveX control or COM object, a common mitigation is to set the killbit for the control, which will cause Internet Explorer to block use of the control. Or will it?

Hi, it's Will. As previously mentioned, we have been investigating and discovering ActiveX vulnerabilities over the past few years. Today we released the Dranzer tool that we have developed to test ActiveX controls.

Hey, it's Will. I noticed that several blogs, including Trend Micro and McAfee, have been talking about the recent attacks on the Internet Explorer 7 vulnerability that was fixed in MS09-002. An interesting thing about these exploits is the attack vector. The technique used in these attacks has several security impacts that may not be immediately obvious.

It's Will again, with the first blog entry of 2009. Our Securing Your Web Browser document describes how to make your web browser more secure, but applying all of the necessary changes can be a bit tedious. To make the process easier, we developed reference implementations of the guidelines for both Microsoft Internet Explorer and Mozilla Firefox.

Hi, it's Will. Recently, a blog author reported that the CERT^® Secure Coding Standards website, which runs on Atlassian Confluence, contained a SQL injection vulnerability. After analyzing the report and discussing it with the Confluence vendor, we have concluded that the behavior described is not a vulnerability.

Hey, it's Will. Earlier this year, details about "carpet bombing" attacks were released. Apple addressed the issue by prompting users before downloading files, but recent news indicates that Google Chrome, which is based on Apple's WebKit code, is also vulnerable to the same type of attack. However, some people seem to be missing an aspect of the attack that affects all web browsers.

Hi, it's Will. Anybody who has been keeping an eye on the US-CERT Vulnerability Notes has probably noticed that I've published a lot of ActiveX vulnerabilities. So it should be no surprise to learn that we have been testing ActiveX controls and discovering vulnerabilities in the process.