* Posts by Prefect

3 publicly visible posts • joined 8 Jan 2010

Exploit code for potent IE zero-day bug goes wild

Prefect

Video of the Aurora Exploit in Action

Here is a video demonstrating the use of the Aurora exploit with IE 6.0:

http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/

Easily spoofed traffic can crash routers, Juniper warns

Prefect

Not a big deal?

I guess that's why Qwest had an unannounced outage, because it wasn't a big deal :)

"We just had a Qwest outage of about 2 mins at 1:41am PST. When I called to report it I was told it was a 200+ emergency software upgrade due to a security concern, and that we will get a notice later after the fact. Normally we get notices in advance, even for software upgrades due to security or other important issues, so I am curious if other Qwest customers had the same experience and whether this is how it's going to be from here on in? The affected platform was Juniper and I'd love to know the specific case being addressed here." - Mike

Source: http://thread.gmane.org/gmane.org.operators.nanog/71244

Prefect

Not so bad eh?

"In short, we fixed this particular problem about 350 days ago."

Well, sort of. The criticality of the defect was certainly reclassified, so the fix made a while back actually seems divorced from the discovery that this problem leads to a kernel crash based on a remote exploit. The Juniper advisory itself reads this way, suggesting that the fix was made without knowing that it was a fix for a remote exploit. This is not that uncommon: problems are fixed for one reason, without ever knowing there was an even better reason for correcting them.

But routers, especially high-capacity ones, are only patched for serious reasons. So a defect identified but not reported in the same way back in January 2009 does not carry the effect of releasing a bulletin labeled critical yesterday. The second makes people maintaining those routers move, as the example below shows.

Qwest, like other backbone providers, doesn’t have unannounced outages for unspecified security concerns over “not as bad as you might think” issues:

http://praetorianprefect.com/archives/2010/01/junos-juniper-kernel-crash-video/