Dailydave mailing list archives

Port 445, BB-style security news services,


From: Dave Aitel <dave () immunitysec com>
Date: Fri, 24 Jun 2005 11:50:49 -0400

http://www.eweek.com/article2/0,1759,1830698,00.asp

Ok. I had to forward this. Because it made us laugh out loud here at
Immunity HQ, and I figured it might give a few of you giggles too.
Normally I don't just repost news articles, but this one is more of a
spoof on a news article than an actual news article itself.

"An ominous increase in sniffing activity on TCP Port 445 could signal
an impending mass malicious code attack targeting a recently patched
Microsoft vulnerability, according to a warning from security researchers."

"Port scanning is an activity that may be indicative of an attempt to
discover attack vectors against any vendor product and is not an
activity unique to Microsoft products," she added.

She said software engineers at Redmond would continue to analyze and
monitor for any malicious activity but stressed that she was not aware
of any customers being attacked via sniffing against TCP Port 445 and
have not received any indication of malicious activity associated with
MS05-027.

"John Pescatore, VP of security research at Gartner Inc., said the
reports of increased sniffing on Port 445 are a "serious concern for
enterprise security managers" because such activity usually means a mass
attack is imminent."

This is the sort of article that could be autogenerated Bloomberg-style.
A couple weeks ago Justine was looking into Immunity developing a
Bloomberg-like device for security-specific news. Something marketed
towards Stephen Scharf (the current CSO of BB) and people like him who
don't have time to go click everywhere to learn what they need. Plus,
scrollies look cool. I think the idea was to do it as a
Buzzword-compliant JNXA web application that was distributed as a
portable touchscreen device, hooked into Verizon's EDGE network so you
wouldn't have to configure it at all or hook it up to your network.
Ideally there'd be modules for various channels - things like IRC where
you could connect all the Financial CSOs together and have them discuss
their ongoing issues, if an emergency pops up. And of course, the
ongoing news of the security world, sorted automatically by an automated
filter. We might still do it since I think we could beat AT&T at the
game handily, although I don't think articles like the above one would
make it through the filter. :>

-dave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

