The End Of 2008 In A Few Sentences
In these wee small hours of 2008, some quick thoughts.
Researchers have broken SSL CA root certificates via the MD5 collision issues. No great surprise, I think anyone who gave this some serious thought saw this coming. End of the world? No, not really. Invalid SSL certs rarely stop anyone. This will make it tougher to address. The ISC writeup is mostly spot on. There are some more significant issues afoot in the SSL CA chains, anyhow. Great research, however.
A new variant of Conflickr, aka Downadup.B, is on the loose. Same as before, nothing new. This one appears to be affecting a lot of entreprises who STILL didn’t apply MS08-067. Who knows why they haven’t, they’ve had nearly 2 months for a very obviously critical out of cycle patch. Most of the known domains point to 18.104.22.168, and sometimes to 22.214.171.124, as the worm begins its update cycles. The world is not ending here, either.
Is Waladec really Storm in disguise? I’m not totally convinced but the number of operational similarities cannot be discounted. But a number of other key facets do not line up. I’m still skeptical, to be honest.
Lots of website defacements due to the global strife between Israel and the Palestinians in Gaza, the recent issues in India, and of course the US. Zone-H offers a nice mirror for you to check out if you wish. A number of groups are active. Also see the Intelfusion blog on the Eastern Railway hacks in India.
And finally, we were quiet on the IE7 0day. We just didn’t have the cycles to talk about it, end of the year and all. In short, we’re surprised that it was used mainly to drop common infostealers and not anything more sophisticated.