[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-03-24

Research research at ...435...
Thu Mar 24 15:10:33 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of a problem concerning digital
certificates issued by Comodo. Additionally, this release adds and
modifies rules in several categories.

Details:
Comodo Digital Certificate Authority Fraud:
The Sourcefire VRT is aware of the existance of nine fraudulent digital
certificates issued by Comodo. Using these certificates, an attacker
may be able to spoof content, perform various phishing attacks or
perform man-in-the-middle attacks on sites and users relying on these
certificates for identification purposes.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 18565 through 18573.

Additionally, the Sourcefire VRT has added and modified multiple rules
in the ftp, imap, specific-threats, spyware-put, web-activex and
web-client rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-03-24.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFNi5TKQcQOxItLLaMRAl0nAJ9iAOhBCdrppNEItec8xGXHjdt7bwCeLwc1
KqE0miMyg2aOc+83agJnfe0=
=5Arf
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list