Saturday was a pretty busy day around the Valca home.
I successfully upgraded Lavie’s Windows 8 laptop to Windows 8.1. More than a few lessons were learned that may get a post later. However, suffice it to say that the upgrade went smoothly and the only “damage” was that the custom Dell touchpad settings she had set up were wiped and she had to re-program them again from scratch.
I decided to pull the trigger and update my Windows 7 system’s Internet Explorer browser to IE 11. I could have waited -- and probably should have -- but some new zero-day reports on IE exploits making the rounds and IE 11 being in a “release” state convinced me to give it a shot. I really don’t use IE much on my home system. There is one on-line bill I pay with it -- the rest I use Firefox for as my browser of choice. For some reason this singular utility’s website doesn’t seem to fully render form pages correctly in Mozilla. Chrome does (usually) work but not always, so IE it is. Fingers crossed the IE 11 rendering works.
I really want to upgrade Alvis’s Win 7 IE browser to IE 11 as well, as she uses IE a bit more than I do. However, I don’t yet dare. Her college campus has a portal page for the students to use in interacting with their professors, to upload assignments, to download material, to take on-line exams, etc. It is horrible. If I upgrade Java (required) to the most current patched level/build, it breaks and nothing on the portal page works, even in IE Compatibility mode. So I don’t want to run the risk of messing up her school portal interaction with an IE upgrade. Fortunately, she almost only uses IE for that. She is a Chrome browser user and actually has it set as her default Windows browser, so we live with it for now.
Lavie’s laptop is already on IE 11 as it came for the ride with Windows 8.1.
I will say that IE 11 launches much faster on my Windows 7 system than IE 10 did. Other than that, I can’t really tell a difference…so I guess that is a good thing.
Here’s the linkage. It’s a hodge-podge this week but fairly thin.
Web Browser News…
- IE zero-day is targeted, sophisticated - ZDNet
- New IE Zero-Day Found in Watering Hole Attack - FireEye Blog
- Internet Explorer users face drive-by attacks targeting new 0day bug - Ars Technica
- Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method - FireEye Blog
- Internet Explorer 11 - Microsoft download
- IE11 for Windows 7 Globally Available for Consumers and Businesses - IEBlog
- Internet Explorer 11 for Windows 7 is all about performance - Beta News
- Announcing Octane 2.0 - Chromium Blog
What made the IE Zero-Day exploit interesting is that early malware analysis indicates that the payload runs in memory only and does not write itself to disk, making artifact analysis much more challenging. This could be another signal that defense-in-depth supported by NFAT techniques and packet monitoring/logging could be critical in incident detection, response, and analysis.
Speaking of Networking…
- Network Throughput Testing Tools - WindowsNetworking.com
- When Worlds Collide - wirewatcher - Wonderful post on using ELSA in a SecurityOnion deployment to tear up network activity logs and drill down (leveraging Carbon Black linked to ELSA) to pick apart a remote system’s activity. Neat.
- Anatomy of Message Analyzer Analysis - MessageAnalyzer Blog
- Update: naft-gfe.py - Didier Stevens
Malware and Incident Response…
- Hacking a Reporter: Writing Malware For Fun and Profit (Part 1 of 3) - SpiderLabs Anterior
- Hacking a Reporter: Writing Malware For Fun and Profit (Part 2 of 3) - SpiderLabs Anterior
- CryptoPrevent 4 - Introducing Event Logs and Email Alerts - Foolish IT - This new version has some more features added. If you are using this to defend against the CryptoLocker ransomware, then be sure you are using the latest version and go back often into it and run the “check for updates” feature. It works very smoothly. Once the update is done, you must hit the “Apply” button (and reboot) to apply the updated changes to your system. Or just pony up the $ and get the auto-updating version. It’s still much cheaper than a couple thousand in bitcoins to fix your system after it gets infected.
- CryptoLocker Crew Ratchets Up the Ransom — Krebs on Security
- CryptoLocker Emergence Connected to Blackhole Exploit Kit Arrest - Security Intelligence Blog at Trend Micro
- Cryptolocker: Time to Backup - ThreatTrack Security Labs Blog
For the SysAdmins…
- Download Group Policy Settings Reference for Windows and Windows Server - Microsoft Download Center