CERT/CC Blog

Vulnerability Insights

Latest Posts

Study of Malicious Domain Names: TLD Distribution

• CERT/CC Blog
Chad Dougherty

Hello, folks. This post comes to you courtesy of Aaron Shelmire from the Network Situational Awareness team. Aaron writes: Recently the Network Situational Awareness team at CERT has been researching the characteristics of malicious network touchpoints. The findings of this initial research are very telling as to the true state of security on the internet....

CERT Basic Fuzzing Framework

• CERT/CC Blog
Will Dormann

Hi folks. I've been involved in a fuzzing effort at CERT. One of the ways that I've been able to discover vulnerabilities is through "dumb" or mutational fuzzing. We have developed a framework for performing automated dumb fuzzing. Today we are releasing a simplified version of automated dumb fuzzing, called the Basic Fuzzing Framework (BFF)....

Top-10 Top Level and Second Level Domains Found in Malicious Software

• CERT/CC Blog
Chad Dougherty

Hello folks. This post comes to you courtesy of Ed Stoner and Aaron Shelmire from the Network Situational Awareness group at CERT. They write: Recently there have been some statistics published on botnet Command & Control (C2) channels. These statistics claim that 94.58% of botnet C2 channels are under the .com top level domain (TLD). While it's impossible to accurately comment on those statistics without knowing the methodology used to arrive at them, we at...

Plain Text Email in Outlook Express

• CERT/CC Blog
Will Dormann

Reading email messages in plain text seems like a reasonable thing to do to improve the security of your email client. Plain text takes less processing than HTML, which should help minimize your attack surface, right? As it turns out, Outlook Express (and its derivatives) is doing more than you think when it is configured with the "Read all messages in plain text" option enabled....

Managing IPv6 - Part 2

• CERT/CC Blog
Ryan Giobbi

Past entries have addressed both securing and disabling IPv6. This entry describes ways that administrators can secure their networks and generate test cases to test those settings....

Managing IPv6 - Part 1

• CERT/CC Blog
Ryan Giobbi

This entry is the first in a series about securely configuring the IPv6 protocol on selected operating systems. Although this entry focuses on how to disable IPv6, we are not recommending that everyone immediately disable IPv6. However, if critical parts of your infrastructure (firewall, IDS, etc.) do not yet fully support the IPv6 protocol, consider disabling IPv6 until those components can be upgraded....

Internet Explorer Kill-Bits

• CERT/CC Blog
Will Dormann

The Kill-Bit (or "killbit") is a Microsoft Windows registry value that prevents an ActiveX control from being used by Internet Explorer. More information is available in Microsoft KB article 240797. If a vulnerability is discovered in an ActiveX control or COM object, a common mitigation is to set the killbit for the control, which will cause Internet Explorer to block use of the control. Or will it?...

Mitigating Slowloris

• CERT/CC Blog
Ryan Giobbi

Slowloris is a denial-of-service (DoS) tool that targets web servers. We have some suggestions about mitigation techniques and workarounds to protect your server. However, use caution if you implement any of these suggestions because they will likely have some unintended side effects....
