
CERT/CC Blog

Vulnerability Insights

Latest Posts

The Risks of Microsoft Exchange Features that Use Oracle Outside In

• CERT/CC Blog
Will Dormann

The WebReady and Data Loss Prevention (DLP) features in Microsoft Exchange greatly increase the attack surface of an Exchange server. Specifically, Exchange running on Windows Server 2003 is particularly easy to exploit. It's public knowledge that Microsoft Exchange uses Oracle Outside In. WebReady, which was introduced with Exchange 2007, provides document previews through the use of the Oracle Outside In library. Outside In can decode over 500 different file formats and has a history of...

Keep Calm and Deploy EMET

• CERT/CC Blog
Vijay Sarvepalli

CVE-2013-1347, the Internet Explorer 8 CGenericElement object use-after-free vulnerability, has gotten a lot of press lately because it was used in a "watering hole" attack against several sites....

Don't Sign that Applet!

• CERT/CC Blog
Will Dormann

Hi, it's Will. I've recently been looking into the state of signed Java applet security. This investigation was triggered by the Oracle blog post IMP: Your Java Applets and Web Start Applications Should Be Signed, which as the title implies, suggests that all Java developers sign their applets, regardless of the privileges required. In this blog entry, I explain why this practice is a bad idea....

Finding Patterns of Malicious Use in Bulk Registrations

• CERT/CC Blog
Leigh Metcalf

Hi, this is Leigh Metcalf with my colleague Jonathan Spring. In 2011, .co.cc [1] and .co.tv [2] were removed from Google's search results because of the high incidence of malicious domains (.cc is the TLD for the Cocos Islands and .tv is the TLD for Tuvalu). Neither of these domains is an official TLD of its respective country of origin, but is a zone in which the owner happens to make single subdomains freely available...

GeoIP in Your SOC (Security Operations Center)

• CERT/CC Blog
Vijay Sarvepalli

Hi, this is Vijay Sarvepalli, Security Solutions Engineer in the CERT Program. Today, whether you're shopping for a new house or trying to find a babysitter, you end up using Google maps or a similar service to assist your decision making. In this blog post, I discuss GeoIP capabilities that can be built into your SOC to provide a spatial view of your network threats and how this view can help your network situational awareness....

Second Level Domain Usage in 2012 for Common Top Level Domains

• CERT/CC Blog
Leigh Metcalf

Hi, this is Leigh Metcalf with my colleague Jonathan Spring. Here is a look at second level domain (SLD) usage in 2012 for the most common generic Top Level Domains (gTLDs): biz, com, info, mobi, net, and org. We used two data sources: (1) the master zone files (RFC 1035 sec. 5) and (2) the SIE (http://sie.isc.org), a passive DNS data source. From these sources we examined three features of global gTLD usage--the number registered, the...
