IDS guru Robert Graham posted an informative story on the Errata Security Blog. I like his post because he addresses those who think of IDS as "network grep" -- i.e., simple content matching engines. Robert explains how older signatures for CVE-2004-1049 can be used to detect the current Vulnerability in Windows Animated Cursor Handling. The question is whether or not you still have that signature enabled and what services that signature is inspecting.
Copyright 2007 Richard Bejtlich

