Xanda's Blog !~! » xanda

Most Secure Desktop Operating System

xanda — Tue, 13 Jul 2010 10:10:02 +0000

Mikko H. Hypponen: What do you consider to be the most secure desktop operating system at the moment in theory?

Charlie Miller: Probably Windows 7, although most are pretty comparable.

Source: ekspress

IronFox

xanda — Tue, 15 Jun 2010 06:49:48 +0000

IronFox is firefox in a sandbox, or more correctly, an application shell script wrapper that starts firefox in a sandbox. The policy is bundled within the app, should there be any desire to inspect the policy before use.

The goal of the policy is to let the user browse the web without interfering, but still protect the users privacy and system integrity from vulnerabilities that may exist in firefox or its plugins. The only restrictions that Ironfox gives the user is that downloads and uploads may only recide in the users download directory, and that ironfox itself can not launch any other applications.

Yara Rule for CVE-2010-1297

xanda — Fri, 11 Jun 2010 10:50:46 +0000

rule FlashNewfunction: decodedPDF
{
   meta:  
      ref = "CVE-2010-1297"
      hide = true
      impact = 5 
   strings:
      $unescape = "unescape" fullword nocase
      $shellcode = /%u[A-Fa-f0-9]{4}/
      $shellcode5 = /(%u[A-Fa-f0-9]{4}){5}/
      $cve20101297 = /\/Subtype ?\/Flash/
   condition:
      ($unescape and $shellcode and $cve20101297) or ($shellcode5 and $cve20101297)
}

Yara Rule for CVE-2010-1885

xanda — Fri, 11 Jun 2010 10:46:33 +0000

rule HelpSupportCenter
{
   meta:  
      ref = "CVE-2010-1885"
      hide = true
      impact = 5 
   strings:
      $cve20101885 = /hcp:\/\/.*?(%u?[A-F]{1,4}.*?){90}/
   condition:
       all of them
}

257 Israel Websites Defaced

xanda — Wed, 02 Jun 2010 01:03:46 +0000

Total notifications: 257 of which 81 single ip and 176 mass defacements

Most of them critic the attack of Israel on the Gaza aid ship

Details: Zone-h

*UPDATE*

2nd June: Total notifications: 664 of which 94 single ip and 570 mass defacements