Archive: 2011

Challenges in Network Monitoring above the Enterprise

• CERT/CC Blog
Jonathan Spring

Recently George Jones and I attended USENIX Security '11. We hosted an evening Birds of a Feather (BoF) session where we asked a question of some significance to our CERT® Network Situational Awareness (NetSA) group: Is Large-Scale Network Security Monitoring Still Worth the Effort? One of the foundational principles behind most organizations' network security practices is still "defense in depth," which is implemented using a variety of security controls and monitoring at different locations...

Signed Java and Cisco AnyConnect

• CERT/CC Blog
Will Dormann

A few years ago, I published a blog entry called Signed Java Applet Security: Worse than ActiveX? In that entry, I explained the problems that arise when a vulnerability is discovered in a signed Java applet. Let's see how the Cisco AnyConnect vulnerability is affected. US-CERT Vulnerability Note VU#490097 describes a vulnerability in the Cisco AnyConnect ActiveX and Java clients that allows an attacker to download and execute arbitrary code. The vulnerability note indicates that...

Effectiveness of Microsoft Office File Validation

• CERT/CC Blog
Will Dormann

Microsoft recently released a component for Office called Office File Validation that is supposed to help protect against attacks using malformed files. Because I recently performed file fuzzing tests on Microsoft Office, I decided to test the effectiveness of Office File Validation....

A Security Comparison: Microsoft Office vs. Oracle OpenOffice

• CERT/CC Blog
Will Dormann

Recently, Dan Kaminsky published a blog entry that compared the fuzzing resiliency of Microsoft Office and Oracle OpenOffice. This blog entry contains the results from a similar test that I performed in November 2010. Also included are some other aspects of the Office suites that can affect the software's security....

Announcing the CERT Basic Fuzzing Framework 2.0

• CERT/CC Blog
Allen Householder

Version 2.0 of the CERT Basic Fuzzing Framework (BFF) made its debut on Valentine's Day at the 2011 CERT Vendor Meeting in San Francisco. This new edition has a lot of cool features that we'll be describing in more detail in future posts, but we wanted to let you know that it's available so that you can download and try it....

"Network Monitoring for Web-Based Threats" Released

• CERT/CC Blog
Sid Faber

The CERT Network Situational Awareness (NetSA) team has published an SEI technical report on monitoring web-based threats. The report draws on related work such as OWASP but comes from a different point of view. While OWASP is focused on developing web applications securely, this report focuses more on situations where you don't have that control, but you need to protect servers and clients from web-based threats. The report may help you answer the following...

Blog Reorganization

• CERT/CC Blog
Chad Dougherty

Hi, folks. As you can see, we've changed the name of the Vulnerability Analysis Blog to the CERT/CC Blog. With this name change, we're expanding the focus of the blog to include content from other technical teams. The current RSS and Atom feeds will continue to work, but you may want to update to the corresponding new feed location now (RSS, Atom) in order to avoid any problems in the future. Past blog entries will...
