Well it was about time we got around to updating the ISC Poll.  I came up with the current poll after reading Lenny's great diary post on "Tips to responding to a DDoS attack".  So that being said please do participate in the poll, the results should prove to be interesting in quantifying how many organizations suffer from these sorts of attacks.

Direct link to the poll

http://isc.sans.org/poll.html?pollid=235

Some other interesting reports/statistics on Denial of Service attacks can be found at the links below. (feel free to submit other links at https://isc.sans.org/contact.html )

Arbor networks blog post (to see the full report it may require divulging your email to a sales guy)

http://asert.arbornetworks.com/2008/11/2008-worldwide-infrastructure-security-report/

http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.DDos

http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.DDoSHistorical

VMWare have today released a security advisory, and updated another.

- VMSA-2008-0019 (new advisory)

http://lists.vmware.com/pipermail/security-announce/2008/000046.html

This impacts :

• VMware Workstation 6.0.5 and earlier
• VMware Workstation 5.5.8 and earlier
• VMware Player 2.0.5 and earlier
• VMware Player 1.0.8 and earlier
• VMware Server 1.0.9 and earlier
• VMware ESX(i) 3.5 and 3.0.2

- VMSA-2008-0017.2 (updated advisory)

http://lists.vmware.com/pipermail/security-announce/2008/000047.html

VMWare have added ESX 3.5 patch information after release of patches on 2nd Decemeber 2008.

Our carbon based RSS news reader known as Roseman has alerted us to the availability of a new Java release. Sun Java 6.0 Update 11 is now available!

The release notes are available for you enjoyment, and Sun describe the release as "This release contains fixes for one or more security vulnerabilities."

Roseman also suggests that you check the settings in the "Java Control Panel" just in case the settings you have chosen have been reset by the release.

Thanks to the other readers who submitted the news of the update too!

Details are still sketchy as to the cause of a failure overnight of the Sonicwall License Manager Server.  We are receiving reports from Sonicwall users that the server "reset" (meaning invalidated) the licenses on all of their email security products. The customers are reporting that this is causing them to be unable to login to their own systems.  It is reported that the support calls are not being answered and are going straight to voicemail. 

It appears that Sonic Wall users received an email overnight indicating that the Email Security licenses have been reset and says that the filtering will not be working.  The email recommended that the customer contact Tech Support (which could be why the calls are going straight to voicemail).  One of our readers who is also a Sonic Wall customer sent us this information from correspondence with Sonic Wall : "The issue is on our backend server who stores the registrations, some ES appliances got licences resetted. The exact cause is still being analized with high priority. In those cases entering the mysonicwall credentials or uploading file solve the issue. Kind Regards Ivan"

So if you are a Sonic Wall customer and you haven't discovered it yet, you may very well have reduced protection. If the firewalls cannot login and verify licensing, the subscription services (content filtering, intrusion prevention, gateway AV) stop working.

Derek, one of our readers and a Sonic Wall customer using the Sonic Wall content filtering has verified that he is now able to access sites that should be getting blocked. Which means schools, businesses, etc that are counting on Sonic Wall to filter for them are sorely disappointed today.

We will update you if anything else pops up on this.

Update 1:  It appears that this problem may be affecting firewalls as well. It is being reported that firewall services have stopped and that spam, viruses, and other bad things are flowing in without a hitch.

 Update 2:  SonicWall have published a support article to help resolve the issue on their support site.