WebApp Sec mailing list archives
RE: [WEB SECURITY] Re: Microsoft's 'Honeymonkey' project finds 0day
From: "Aiken, Dan" <AikenD () HSS EDU>
Date: Fri, 12 Aug 2005 14:31:20 -0400
If I understood the HoneyMonkey project correctly, Microsoft begins visiting suspect web sites with an unpatched WinXP machine. If it is compromised after visiting a site, Microsoft begins increasing the patch level and revisiting the site until the PC is not compromised again or until they reach WinXP SP2. As of the date of the article I read, no WinXP SP2 PC had been compromised by any of the sites. After the analysis is complete, Microsoft reports the offending sites to law enforcement for further action.

I think this is a very useful approach to identifying and hopefully prosecuting the offending web sites.

Dan Aiken, GSEC, GSNA
Corporate Compliance Director
Ofc: (212) 774-2569
Fax: (212) 606-1930
aikend () hss edu

"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
Bruce Schneier

-----Original Message-----
From: Christopher Carpenter [mailto:ccarpenter () dswa net]
Sent: Friday, August 12, 2005 11:33 AM
To: websecurity () webappsec org; webappsec () securityfocus com
Subject: RE: [WEB SECURITY] Re: Microsoft's 'Honeymonkey' project finds 0day

I don't think URL filtering is the goal; instead, Microsoft performs an analysis of each compromised machine to determine if unpublished exploits are being actively utilized. Then the patches for these vulnerabilities can be released in a future update. So the list of suspect sites isn't a comprehensive list of the "bad" places out there, but an educated guess as to where exploits will be published/used.

Chris

From: Kaura, Vikram [mailto:vkaura () unterberg com]
Sent: Thursday, August 11, 2005 8:09 PM
To: bauger () spidynamics com; websecurity () webappsec org; webappsec () securityfocus com
Subject: [WEB SECURITY] Re: Microsoft's 'Honeymonkey' project finds 0day

Any thoughts on the honeymonkey project? Is this headed towards URL filtering market?

750 web pages after a month of work - from a suspect list of about 5000 sites seems small.

-Vik
--------------------------
Sent from Vikram Kaura's Wireless Handheld

-----Original Message-----
From: Bob Auger <bauger () spidynamics com>
To: websecurity () webappsec org <websecurity () webappsec org>; webappsec () securityfocus com <webappsec () securityfocus com>
Sent: Tue Aug 09 14:29:53 2005
Subject: Microsoft's 'Honeymonkey' project finds 0day

"Microsoft's experimental Honeymonkey project has found almost 750 web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper released this month" - Robert Lemos

http://www.theregister.co.uk/2005/08/09/ms_honeymonkey/

Regards,
Robert Auger
SPI Labs
rauger () spidynamics com

Start Secure. Stay Secure.
Security Assurance Throughout the Application Lifecycle

Pursuant to Securities and Exchange Commission and National Association Of Securities Dealers requirements, all incoming and outgoing e-mail of C.E. Unterberg, Towbin is subject to review by the Compliance Department. Please note that C.E. Unterberg, Towbin does not allow the use of e-mail to request, authorize, or effect the purchase or sale of any security, to send fund transfer instructions, or to effect any other transactions. Any such request, orders, or instructions that you send will not be accepted and will not be processed.