Monday, October 21, 2019

Welcome To Worldinfomall.com Portal



Internet Storm Center - News Feed

What's up with TCP 853 (DNS over TLS)?, (Mon, Oct 21st)
I was looking at some of our data late last week and noticed an increase in probes on tcp port 853. For those of you who aren't aware, tcp port 853 is assigned to DNS over TLS as defined in RFC 7858. DNS over TLS (or DoT) was defined in 2016 as a way of hiding the contents of DNS requests from prying eyes on the network since DNS normally occurs in the clear over port 53. Of course, over the last few months all of the discussion has actually been about an alternative to DoT, DNS over HTTPS (or DoH) defined in RFC 8484, since the major web browser vendors (Google and Mozilla) have announced that they are or will be supporting DoH within the browser in the near future. For the moment, I'll stay out of the debate about the merits of DoT vs. DoH. But, back to this story, since I noticed the increase on port 853, let's discuss DoT. Because DoT requires setting up a TLS connection, it was defined as a TCP protocol (where DNS was primarily UDP). There was a subsequent RFC 8094 which defined DNS over DTLS which moved this back to UDP, but obviously required more traffic to set up the initial TLS encryption, though once established could then potentially be pretty efficient. I had actually set up DoT on my home (bind9) DNS server just a few weeks ago using stunnel as described in the docs from isc.org, to do some testing, so seeing this increase got my attention (though I hadn't actually opened 853 to the internet, just to my internal network).
I haven't set up a netcat listener or honeypot to capture the traffic, but you can see that while there were a couple of brief spikes in the number of targets late last year and then a ramping up starting around the beginning of September, the big jump including new scanners has just ramped up since the beginning of Oct. This first graph is 365 days.

ISC Stormcast For Monday, October 21st 2019 https://isc.sans.edu/podcastdetail.html?id=6716, (Mon, Oct 21st)

Scanning Activity for NVMS-9000 Digital Video Recorder, (Sun, Oct 20th)
Since the beginning of October, my honeypot has been capturing numerous scans for DVR model NVMS-9000, for which a PoC was released last year describing a "Stack Overflow in Base64 Authorization"[1].

What Assumptions Are You Making?, (Sat, Oct 19th)
If my security agents were not working correctly, then I would get an alert. Since no one said there is a problem with my security agents, then everything must be ok with them. These are just a couple of the assumptions that we make as cybersecurity practitioners each day about the security agents that serve to protect our respective organizations. While it is preferable to think that everything is ok, it is much better to validate that assumption regularly. 

Quick Malicious VBS Analysis, (Fri, Oct 18th)
Let's have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk of having the first file blocked by classic security controls. The link was:

ISC Stormcast For Friday, October 18th 2019 https://isc.sans.edu/podcastdetail.html?id=6714, (Fri, Oct 18th)

Phishing e-mail spoofing SPF-enabled domain, (Thu, Oct 17th)
On Monday, I found what looked like a run-of-the-mill phishing e-mail in my malware quarantine. The "hook" it used was quite a common one – it was a fake DHL delivery notification inserted as an image into the body of the e-mail in an attempt to make the user open its attachments.

ISC Stormcast For Thursday, October 17th 2019 https://isc.sans.edu/podcastdetail.html?id=6712, (Thu, Oct 17th)

When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15., (Mon, Oct 14th)
This post is continuing a series I started in April about network traffic from Windows 10. When dealing with network traffic, it is always good to know what is normal. As part of this series, I will investigate the first few minutes of network traffic from current operating systems. With macOS 10.15 Catalina just being released, I figured this might be an excellent next operating system to investigate.

New VMware security advisory: https://www.vmware.com/security/advisories/VMSA-2019-0016.html | Oracle quarterly patches bundle: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html, (Wed, Oct 16th)
Xavier Mertens (@xme)

Warning About Dell Computers.. Think Long And Hard Before You Buy One
There was a time when I thought Dell computers were a good buy, but those days are long gone. When you buy a computer from a large company you expect good service. Well, Dell does not have good service, just an endless runaround of transferring you from one department to another. To tell the story in complete, I will now go into detail. I stopped in the Dell booth at COMDEX on Tuesday Nov. 18, 2003 and asked a few questions which I could not get answered until someone said let me get the expert on the dimensions for you; I think she said he was the product manager. I waited and then told him my requirements for the workstation I was looking for, and that I wanted to purchase a Dell since I already have several and like them. I told him I wanted a small form factor PC with an internal 802.11G wireless network card, and if they did not have the card, as long as I could add a PCI card to it that is fine, and that I do not need an OS. The Dell rep said sure, the 4600C can do that, but I had to get an OS, so go XP Home to save the money. I said that I could not find an option to have wireless built in and he said that it did. Who was I to tell the guy about his product? He got on his company and priced it up and I liked it, so he placed the order right there for me. Nice, I thought, that I ordered from a mail order/online vendor without doing anything and in person. Boy was I wrong. The PC came. I tried to track it but it never would show the tracking info until after it was delivered by UPS. I went to re-install to Windows XP Pro, so was getting all the driver CDs, and discovered that the wireless adapter was a USB external adapter, not as was requested, but I liked the PC and the 17-inch LCD so would live with it. I thought it would be a snap to get the correct adapter. After 5 hours on the phone I finally had the correct adapter ordered and a something coming to return the other.
The details of my phone calls are to come, but to give an overview for now, I was transferred at least 5 times within an hour and each time I had to start the story over, and this was after I had spent 4 hours before to get nowhere but have a case number that no one really cared to have, and being told I called the wrong department even though I was transferred there. Tune back in for the specific details.

Michael Dell said this in an interview I read that was linked to from Dell's web site:
How will you keep evolving your structure? Will you have to become more like an IBM?
We don’t want to do that. We don’t want to act like a big company as we get bigger. Our structure is still very fast, very flexible. It doesn’t have a huge number of layers. Communication happens quickly. Our goal is to retain that as much as we can. (The complete interview can be found here: http://www.chiefexecutive.net/mag/193/index.html)

Well, too late; you already are acting like one.

Copyright 2002-2003 Worldinfomall