
CERT/CC Blog


Latest Posts

Domain Blacklist Ecosystem - A Case Study

• CERT/CC Blog
Jonathan Spring

Hi all, this is Jonathan Spring with my colleagues Leigh Metcalf and Rhiannon Weaver. We've been studying the dynamics of the Internet blacklist ecosystem for a few years now and the 2015 Verizon Data Breach Investigations Report has corroborated our general results. We get a lot of questions about which list is which and if we can recommend a list. We won't reveal which is which generally, but in this blog post we'll make a...

Making YAF App Labels from Text-Based Snort Rules

• CERT/CC Blog
Angela Horneman

Ever want to use a Snort-like rule with SiLK or Analysis Pipeline to find text within packets? Timur Snoke and I were recently discussing how we could do this and realized that while neither SiLK nor Analysis Pipeline themselves do packet inspection, YAF can be used to create an application label that can be used in analyses in both SiLK and Pipeline (field 29, application). This post outlines the steps required and provides an example....

Baseline Network Flow Examples

• CERT/CC Blog
Angela Horneman

Hi. This is Angela Horneman of the SEI's Situational Awareness team. I've generated service-specific network flows to use as baseline examples for network analysis and am sharing them since others may find them helpful. We have been looking at implementing Network Profiling in Analysis Pipeline to automatically generate lists of active servers and to alert when new IPs start acting as servers. As part of this initiative, we started looking at alternatives to using...

The Risks of SSL Inspection

• CERT/CC Blog
Will Dormann

Recently, SuperFish and PrivDog have received some attention because of the risks that they both introduced to customers because of implementation flaws. Looking closer into these types of applications with my trusty CERT Tapioca VM at hand, I've come to realize a few things. In this blog post, I will explain:
• The capabilities of SSL and TLS are not well understood by many.
• SSL inspection is much more widespread than I suspected.
• Many applications that...

Blacklist Ecosystem Analysis

• CERT/CC Blog
Jonathan Spring

Hi all. Leigh Metcalf and I have been continuing our study of the cybersecurity ecosystem. Last year we published a long white paper telling you everything you wanted to know about blacklists. Turns out, that did not save the Internet on its own. We're extending that analysis with more blacklist ecosystem analysis this year....

What's Different About Vulnerability Analysis and Discovery in Emerging Networked Systems?

• CERT/CC Blog
Allen Householder

Hi folks, Allen Householder here. In my previous post, I introduced our recent work in surveying vulnerability discovery for emerging networked systems (ENS). In this post, I continue with our findings from this effort and look at the differences between ENS and traditional computing in the context of vulnerability discovery, analysis, and disclosure....

Vulnerability Coordination and Concurrency Modeling

• CERT/CC Blog
Allen Householder

Hi, it's Allen. In addition to building fuzzers to find vulnerabilities (and thinking about adding some concurrency features to BFF in the process), I've been doing some work in the area of cybersecurity information sharing and the ways it can succeed or fail. In both my vulnerability discovery and cybersecurity information sharing work, I've found that I often learn the most by examining the failures -- in part because the successes are often just cases...