1069 Kb		June 2,2006 Inside Windows Rootkits Although they have been around for quite some time, rootkits have become somewhat of a buzzword in the security industry over the past year. While rootkits have traditionally been used by sophisticated attackers to hide their presence on compromised machines, recent worms, viruses, and trojans have started using them to complicate efforts to detect and clean infected machines. Microsoft recently reported that over twenty percent of the malware found by their malicious code removal tool on Windows XP Service Pack 2 machines contained rootkit technology. By hiding the infection, rootkits allow the malicious software to remain on the system for a longer period of time.
44 Kb		October 25,2005 Snort’s Back Orifice Preprocessor vulnerability On October 18th, 2005, Sourcefire announced a stack-based buffer overflow in Snort’s Back Orifice Preprocessor. The vulnerability can be exploited by a remote attacker using a single UDP packet and can lead to remote code execution. This whitepaper explores the cause of the vulnerability, and provides countermeasures to prevent exploitation of the vulnerable versions of the Snort Intrusion Detection System.
108 Kb		August 24,2005 Defeating Windows Personal Firewalls: Filtering Methodologies, Attacks, and Defenses Microsoft Windows provides a variety of methods by which security software can perform network traffic filtering and other security-related tasks. However, these same capabilities can be used by malware to tap into the operating system’s network architecture in order to circumvent security software, open backdoors, and steal information. A number of articles have been published that discuss and compare the features of different software firewalls, but there are few resources that explore the filtering techniques that these firewalls use. Understanding these filtering techniques is not only useful for choosing a software firewall and troubleshooting problems with it, but it also helps to understand, detect, and prevent the malware threats that take advantage of them.
746 Kb		December 20,2004 Analysis of a Malicious JPEG Attack On September 14h, 2004, Microsoft released a security bulletin for a ?critical? vulnerability in part of the GDI+ library that processes JPEG files. In this analysis, we will first take a look at the vulnerability in the GDI+ library and how it is exploited. Next, we will proceed with a detailed static and run-time analysis of the malicious JPEG and the files that are downloaded during the intrusion. Afterwards, we will look at what can be learned from this attack and how such an attack can be prevented.
110 Kb		March 5,2004 The Spambush Trojan The Spambush Trojan exists to facilitate the propagation of spam emails via zombie computers that it creates without the knowledge of the end user.

Subscription

December 28,2004
No Hardware, No Software, Security Made Simple
Many organizations are still using conventional Internet-perimeter security solutions that require intensive capital expenditures for equipment and software, as well as significant investments in full-time employees or outside consultants to handle installation, maintenance and monitoring. Read this white paper and discover a cost effective perimeter solution that requires no hardware, software or installation.
Subscribe to this whitepaper.

December 13,2004
Ten Steps to Establishing Information Security
The following checklist will assist the establishment, implementation and management of a rock-solid enterprise Information Security program.
Subscribe to this whitepaper.