Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 17 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list.
Today a blog post from February 22nd, 2013, made the list. It describes an ICS-CERT advisory for an ActiveX vulnerability in the Honeywell Enterprise Buildings Integrator. Two interesting items were included in the discussion. First, the researchers (Rapid7) announced that they would be publishing a Metasploit module for the vulnerability, much less common back then. Second, I discussed the fact that the researcher had requested that Microsoft “issue a kill bit for the HscRemoteDeploy.dll in a future monthly Microsoft Windows security update”. That .dll was the heart of the Honeywell vulnerability.
Posts
No comments:
Post a Comment