BreachBytes

Microsoft has launched a highly technical blog to disseminate vulnerability information to security researchers and practitioners on Patch Tuesdays. While they have been sharing information about vulnerabilities and patches on Patch Tuesdays, there has not been this level of technical depth available until now.

The blog’s tagline is as follows:

“Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, and other related guidance and information.”

As an example of the type of posts on the site, one post has a PCAP file used to show the pre-patch states of SMBv2 network traffic. This packet data can easily be used to identify unpatched computers on the network using an intrusion detection system like Snort.

(more…)

New Years is a time of reflection and preparation: reflection on the year ending and preparation for the year beginning. This year I thought I would share my New Years resolutions as they relate to my job as a security vendor:

1. Go easy on the jargon. I will do my best not to say “IDS” and “PCI” and instead say “Intrusion Detection System” and “Payment Card Industry”.
2. Be straightforward. Customers don’t have much spare time and I will do a better job of getting to the point. I will tell customers what they need to know and nothing more.
3. Give users tools they want. Flashy interfaces may sell initially but what makes products stick is utility. I will focus on making software that makes security analysts more effective in their jobs.

(more…)