search menu icon-carat-right cmu-wordmark

CERT/CC Blog

Vulnerability Insights

Latest Posts

Hacking the CERT FOE

Hacking the CERT FOE

• CERT/CC Blog
Will Dormann

Hey folks, it's Will. Every now and then I encounter an app that doesn't play well with FOE. You don't have to throw your hands up in defeat, though. Because FOE (and BFF) are written in Python, it's pretty easy to modify them to do what you like....

Read More
Prioritizing Malware Analysis

Prioritizing Malware Analysis

• CERT/CC Blog
Jose Morales

Hi, this is Jose Morales, researcher in the CERT:CES team. In early 2012, a backdoor Trojan malware named Flame was discovered in the wild. When fully deployed, Flame proved very hard for malware researchers to analyze. In December of that year, Wired magazine reported that before Flame had been unleashed, samples of the malware had been lurking, undiscovered, in repositories for at least two years. As Wired also reported, this was not an isolated event....

Read More
Analyzing Routing Tables

Analyzing Routing Tables

• CERT/CC Blog
Timur Snoke

Hi, Timur Snoke here with a description of maps I've developed that use Border Gateway Protocol routing tables to show the evolution of public-facing autonomous system numbers. Organizations that route public internet protocol (IP) addresses receive autonomous system numbers (ASNs), which uniquely identify networks on the Internet. To coordinate traffic between ASNs, the Border Gateway Protocol (BGP) advertises available routing paths that network traffic could take to access other IP addresses. BGP tables select and...

Read More
BFF 2.7 on OS X Mavericks

BFF 2.7 on OS X Mavericks

• CERT/CC Blog
Will Dormann

Hi folks, it's Will. Apple has released OS X Mavericks. Because BFF 2.7 was released before Mavericks, BFF doesn't work right out of the box. But it's actually quite simple to get it working....

Read More
Working with the Internet Census 2012

Working with the Internet Census 2012

• CERT/CC Blog
Timur Snoke

Hi, it's Timur Snoke of the CERT NetSA group, posting on behalf of Deana Shick and Angela Horneman. It's not every day that 9.6 terabytes of data is released into the public domain for further research. The Internet Census 2012 project scanned the entire IPv4 address space using the Nmap Scripting Engine(NSE) between March and December of 2012. The engineer of this data set (identity unknown) saved and released the collected data in early 2013....

Read More
Vulnerabilities and Attack Vectors

Vulnerabilities and Attack Vectors

• CERT/CC Blog
Will Dormann

Hi, this is Will Dormann of the CERT Vulnerability Analysis team. One of the responsibilities of a vulnerability analyst is to investigate the attack vectors for potential vulnerabilities. If there isn't an attack vector, then a bug is just a bug, right? In this post, I will describe a few interesting cases that I've been involved with....

Read More
Attaching the Rocket to the Chainsaw - Behind the Scenes of BFF and FOE's Crash Recycler

Attaching the Rocket to the Chainsaw - Behind the Scenes of BFF and FOE's Crash Recycler

• CERT/CC Blog
Allen Householder

Hi folks, Allen Householder here. As Will Dormann's earlier post mentioned, we have recently released the CERT Basic Fuzzing Framework (BFF) v2.7 and the CERT Failure Observation Engine (FOE) v2.1. To me, one of the most interesting additions was the crash recycling feature. In this post, I will take a closer look at this feature and explain why I think it's so interesting....

Read More
Signed Java Applet Security Improvements

Signed Java Applet Security Improvements

• CERT/CC Blog
Will Dormann

Hi folks, it's Will Dormann. A few months ago I published a blog entry called Don't Sign that Applet! that outlined some concerns with Oracle's guidance that all Java applets should be signed. The problem is that with Java versions prior to 7u25, there is nothing that prevents a signed applet from being repurposed by an attacker to execute with full privileges. As it turns out, Java 7u25 introduced features to prevent a Java applet...

Read More