Papers & Reports
In addition to public mailing lists, presentations, and commentary, Sûnnet Beskerming produces technical documents, reports and technical papers for public distribution. Download links for the relevant public papers can be found on this page.
In late January 2007, a Sûnnet Beskerming researcher encountered a previously unknown form of phishing / scamming that was being delivered through professional networking sites. Dubbed 'Sport Phishing', the new technique relies upon establishing a high level of trust and rapport between the victim and the attacker, over days or weeks, before the attack is launched. A detailed report can be found below, with a complete investigation and description of how the attack is created, and how it can be identified.
With a commanding market share in desktop Operating Systems and Office productivity suites, Microsoft have a significant obligation to ensure that vulnerabilities and exploits are managed in a reasonable timeframe. The most recent methodology in use to achieve this goal is to provide a monthly Security Patch update on the second Tuesday of every month. In May 2006, Sûnnet Beskerming staff began preparing reports and presentations for distribution, to assist developers, system administrators, business operators, and end users in managing their patching processes.
Below is a sample set of reports from September, 2006.
Covering MS06-040 through to MS06-054, the September 2006 Security Patch release manages five vulnerabilities related to Windows and various Office components. Three patches have been rated as Critical by Microsoft, and some of the vulnerabilities have been actively exploited for some weeks.
Since September 2006, reports have no longer been made available for free download via this site. Please follow the link to purchase subsequent reports.
26 June 2007