<b>Network Security Solutions</b> - Your Preferred Network Security Solutions Provider<br />
Author: Johncrackernet (http://www.blogger.com/profile/08784328987634723272)<br />
<br />
<b>Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability</b><br />
Posted 2012-12-20 by Johncrackernet<br />
<br />
Title:<br />
======<br />
Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability<br />
<br />
<br />
Date:<br />
=====<br />
2012-12-20<br />
<br />
<br />
References:<br />
===========<br />
<a href="http://www.vulnerability-lab.com/get_content.php?id=792" target="_blank"><span class="yshortcuts" id="lw_1356004581_2">http://www.vulnerability-lab.com/get_content.php?id=792</span></a><br />
Vendor: <a href="http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-oracle_query-paramater" target="_blank"><span class="yshortcuts" id="lw_1356004581_3">http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-oracle_query-paramater</span></a><br />
<br />
<br />
VL-ID:<br />
=====<br />
792<br />
<br />
<br />
Common Vulnerability Scoring System:<br />
====================================<br />
1.5<br />
<br />
<br />
Introduction:<br />
=============<br />
LogAnalyzer is part of Adiscon's MonitorWare line of monitoring applications. It runs both under Windows and Unix/Linux. <br />
The database can be populated by MonitorWare Agent, WinSyslog or EventReporter on the Windows side and by rsyslog on <br />
the Unix/Linux side. LogAnalyzer itself is free, GPLed software (as are some other members of the product line).<br />
<br />
(Copy of the Vendor Homepage: <a href="http://loganalyzer.adiscon.com/" target="_blank"><span class="yshortcuts" id="lw_1356004581_4">http://loganalyzer.adiscon.com/</span></a> )<br />
<br />
<br />
Abstract:<br />
=========<br />
An independent vulnerability laboratory researcher discovered a cross site scripting vulnerability in the Log Analyzer v3.6.0 web application.<br />
<br />
<br />
Report-Timeline:<br />
================<br />
2012-12-20: Public or Non-Public Disclosure<br />
<br />
<br />
Status:<br />
========<br />
Published<br />
<br />
<br />
Exploitation-Technique:<br />
=======================<br />
Remote<br />
<br />
<br />
Severity:<br />
=========<br />
Low<br />
<br />
<br />
Details:<br />
========<br />
A client-side cross-site scripting vulnerability was detected in the LogAnalyzer 3.6.0 web application.<br />
The vulnerability allows a remote attacker to force client-side XSS requests; exploitation requires high user interaction.<br />
<br />
The vulnerability is located in the asktheoracle.php file, in the handling of the oracle_query request parameter. <br />
An attacker can force client-side requests that execute arbitrary script code by using the oracle_query parameter.<br />
<br />
Successful exploitation of the vulnerability results in client-side execution of injected script, client-side phishing,<br />
client-side manipulation of the module context and unauthorized external redirects.<br />
<br />
Vulnerable File(s):<br />
[+] asktheoracle.php<br />
<br />
Vulnerable Parameter(s):<br />
[+] oracle_query<br />
<br />
<br />
Proof of Concept:<br />
=================<br />
The client-side cross-site scripting vulnerability can be exploited by remote attackers with medium or high required user interaction <br />
and without a privileged application user account.<br />
<br />
<a href="http://192.168.1.10:8080/loganalyzer-3.6.0/asktheoracle.php?type=searchstr&oracle_query=" target="_blank"><span class="yshortcuts" id="lw_1356004581_5">http://192.168.1.10:8080/loganalyzer-3.6.0/asktheoracle.php?type=searchstr&oracle_query=</span></a>[CLIENT SIDE SCRIPT CODE!]<br />
<br />
Note: The 'oracle_query' parameter is not properly sanitized by the asktheoracle.php page.<br />
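
Added example, not part of the original advisory or of LogAnalyzer: a triage script a defender could run over web server access logs to find requests to asktheoracle.php whose oracle_query value carries markup, for instance to check whether crafted links were followed before the upgrade to 3.6.1. It assumes Common Log Format; the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines (Common Log Format). The path is taken
# from the advisory's proof-of-concept URL; everything else is made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Dec/2012:10:01:02 +0000] "GET /loganalyzer-3.6.0/'
    'asktheoracle.php?type=searchstr&oracle_query=sshd HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Dec/2012:10:05:41 +0000] "GET /loganalyzer-3.6.0/'
    'asktheoracle.php?type=searchstr&oracle_query=%3Cscript%3Ealert(1)'
    '%3C%2Fscript%3E HTTP/1.1" 200 5300',
    '198.51.100.7 - - [20/Dec/2012:10:06:13 +0000] "GET /loganalyzer-3.6.0/'
    'asktheoracle.php?type=searchstr&oracle_query=%253Cimg%2520src%253Dx%253E'
    ' HTTP/1.1" 200 5290',
    '192.0.2.10 - - [20/Dec/2012:10:07:00 +0000] "GET /loganalyzer-3.6.0/'
    'index.php?filter=%3Cb%3E HTTP/1.1" 200 4100',
    'this line is not an access-log entry',
]

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters needed to leave an HTML text or attribute context, plus the
# javascript: scheme. This is a triage heuristic: a legitimate search string
# containing a quote will also be reported and needs a human look.
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_oracle_queries(lines):
    """Return one record per request whose oracle_query contains markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable access-log line
        parts = urlsplit(match.group("target"))
        if not parts.path.lower().endswith("/asktheoracle.php"):
            continue  # the advisory names only this file
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name != "oracle_query":
                continue
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                hits.append({
                    "client": match.group("client"),
                    "time": match.group("time"),
                    "status": int(match.group("status")),
                    "value": decoded,
                })
    return hits


if __name__ == "__main__":
    for hit in suspicious_oracle_queries(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["status"], repr(hit["value"]))
```

A hit only shows that a crafted link was requested; whether script ran depends on the installed version, so check hits against the date the instance was upgraded.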
<br />
<br />
Solution:<br />
=========<br />
Upgrade to the latest version of Log Analyzer 3.6.1<br />
<br />
<br />
Risk:<br />
=====<br />
The security risk of the client side cross site scripting web vulnerability is estimated as low(+)<br />
<br />
<br />
Credits:<br />
========<br />
Mohd Izhar Ali - [<a href="http://johncrackernet.blogspot.com/" target="_blank"><span class="yshortcuts" id="lw_1356004581_6">http://johncrackernet.blogspot.com</span></a>]<br />
<br />
<br />
Disclaimer:<br />
===========<br />
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.<br />
<br />
Domains: <a href="http://www.vulnerability-lab.com/" target="_blank"><span class="yshortcuts" id="lw_1356004581_7">www.vulnerability-lab.com</span></a> - <a href="http://www.vuln-lab.com/" target="_blank"><span class="yshortcuts" id="lw_1356004581_8">www.vuln-lab.com</span></a> - www.vulnerability-lab.com/register<br />
Contact: <a href="mailto:admin@vulnerability-lab.com"><span class="yshortcuts" id="lw_1356004581_9">admin@vulnerability-lab.com</span></a> - <a href="mailto:support@vulnerability-lab.com"><span class="yshortcuts" id="lw_1356004581_10">support@vulnerability-lab.com</span></a> - <a href="mailto:research@vulnerability-lab.com"><span class="yshortcuts" id="lw_1356004581_11">research@vulnerability-lab.com</span></a><br />
Section: <a href="http://video.vulnerability-lab.com/" target="_blank"><span class="yshortcuts" id="lw_1356004581_12">video.vulnerability-lab.com</span></a> - <a href="http://forum.vulnerability-lab.com/" target="_blank"><span class="yshortcuts" id="lw_1356004581_13">forum.vulnerability-lab.com</span></a> - <a href="http://news.vulnerability-lab.com/" id="yui_3_7_2_1_1356004585012_8208" target="_blank"><span class="yshortcuts" id="lw_1356004581_14">news.vulnerability-lab.com</span></a><br />
Social: <a href="http://twitter.com/#%21/vuln_lab" target="_blank"><span class="yshortcuts" id="lw_1356004581_15">twitter.com/#!/vuln_lab</span></a> - <a href="http://facebook.com/VulnerabilityLab" target="_blank"><span class="yshortcuts" id="lw_1356004581_16">facebook.com/VulnerabilityLab</span></a> - <a href="http://youtube.com/user/vulnerability0lab" id="yui_3_7_2_1_1356004585012_8207" target="_blank"><span class="yshortcuts" id="lw_1356004581_17">youtube.com/user/vulnerability0lab</span></a><br />
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php<br />
<br />
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (<a href="mailto:admin@vulnerability-lab.com">admin@vulnerability-lab.com</a> or <a href="mailto:support@vulnerability-lab.com">support@vulnerability-lab.com</a>) to get a permission.<br />
<br />
Copyright © 2012 | Vulnerability Laboratory<br />
<br />
<b>Loganalyzer Cross Site Scripting Vulnerability in oracle_query parameter</b><br />
Posted 2012-12-20 by Johncrackernet<br />
<br />
A cross-site scripting vulnerability in the oracle_query parameter of the asktheoracle.php page was brought to our attention by <a href="http://johncrackernet.blogspot.com/">Mohd Izhar Bin Ali</a>. We thank them for giving us the chance to fix this issue before releasing information into the public. More details about the vulnerabilities can be found in this security advisory.<br />
<br />
<u>Affected Stable Versions:</u><br />
Stable branch up to v3.6.0 (inclusive)<br />
<br />
<u>Fix:</u><br />
Update to <a href="http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-1-v3-stable" target="_blank">3.6.1 </a>or higher (if available)<br />
<br />
<b>Cross Site Scripting</b><br />
<u>Short Description:</u><br />
A cross-site scripting vulnerability existed in the <b>asktheoracle.php</b> page. An attacker could use it to execute arbitrary HTML and Script code by using the oracle_query parameter.<br />
<br />
<u>Potential Impact:</u><br />
An attacker could use prepared links to include and run scripts within the context of LogAnalyzer in the user's browser.<br />
<br />
<u>Credits:</u><br />
We want to thank Mohd Izhar Bin Ali for identifying these issues and working with us in resolving them. More details can be found in their advisory.<br />
<br />
<b>Kiwi Syslog Web Access 1.4.4 SQL Injection & Blind SQL Injection</b><br />
Posted 2012-12-19 by Johncrackernet<br />
<br />
Product: Kiwi Syslog Web Access<br />
Version: 1.4.4<br />
Vendor: http://www.kiwisyslog.com/kiwi-syslog-server-overview/<br />
Vulnerability type: SQL Injection and Blind SQL Injection<br />
Risk level: High<br />
Vendor notification: 2012-12-18<br />
Tested on: Windows 2003<br />
Author: Mohd Izhar Ali<br />
<br />
Kiwi Syslog Web Access version 1.4.4 suffers from remote SQL injection and blind SQL injection vulnerabilities.<br />
<br />
You can download here:<br />
<a href="http://packetstormsecurity.org/files/118945/Kiwi-Syslog-Web-Access-1.4.4-SQL-Injection.html">http://packetstormsecurity.org/files/118945/Kiwi-Syslog-Web-Access-1.4.4-SQL-Injection.html</a><br />
<br />
<b>How to find latest IE vulnerability (CVE-2012-4969) with Nexpose</b><br />
Posted 2012-09-25 by Johncrackernet<br />
<div style="background-color: #f5faf0; border: 0px; color: #575757; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px; line-height: 19px; outline: 0px; padding: 0px; vertical-align: baseline;">
As you probably know, Microsoft released advisory 2757760 (<a class="jive-link-external-small" href="http://technet.microsoft.com/en-us/security/advisory/2757760" style="border: 0px; color: #3778c7; font-family: inherit; font-style: inherit; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">Microsoft Security Advisory (2757760): Vulnerability in Internet Explorer Could Allow Remote Code Execution</a>) which describes a Remote Code Execution vulnerability in Internet Explorer 7, 8, and 9. This was assigned to <a class="jive-link-external-small" href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4969" style="border: 0px; color: #3778c7; font-family: inherit; font-style: inherit; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">CVE-2012-4969</a> and Microsoft released a Security Update patch on September 21st, 2012 (<a class="jive-link-external-small" href="http://technet.microsoft.com/en-us/security/bulletin/ms12-063" style="border: 0px; color: #3778c7; font-family: inherit; font-style: inherit; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)</a>) to address this vulnerability.</div>
<div style="background-color: #f5faf0; border: 0px; color: #575757; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px; height: 8pt; line-height: 19px; min-height: 8pt; outline: 0px; padding: 0px; vertical-align: baseline;">
<br /></div>
<div style="background-color: #f5faf0; border: 0px; color: #575757; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px; line-height: 19px; outline: 0px; padding: 0px; vertical-align: baseline;">
Check out this blog about the<a class="jive-link-blog-small" data-containerid="1001" data-containertype="37" data-objectid="5888" data-objecttype="38" href="https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit" style="background-color: transparent; background-image: url(https://community.rapid7.com/5.0.2/images/jive-icon-blog-12x12.png); background-position: 0% 50%; background-repeat: no-repeat no-repeat; border: 0px; color: #3778c7; font-family: inherit; font-style: inherit; margin: 0px; outline: 0px; padding: 1px 0px 1px 17px; text-decoration: none; vertical-align: baseline; zoom: 1;"> 0-day exploit released by the Metasploit team</a> on September 17th, 2012. As of Nexpose 5.4.5, released on September 22nd, 2012, <strong style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">you can also now find and remediate any assets that are vulnerable.</strong> Here's how:</div>
<div style="background-color: #f5faf0; border: 0px; color: #575757; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px; line-height: 19px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br /></div>
<div style="background-color: #f5faf0; border: 0px; color: #575757; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px; line-height: 19px; outline: 0px; padding: 0px; vertical-align: baseline;">
To continue reading; please click here:</div>
<div style="background-color: #f5faf0; border: 0px; color: #575757; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px; line-height: 19px; outline: 0px; padding: 0px; vertical-align: baseline;">
<a href="https://community.rapid7.com/community/nexpose/blog/2012/09/25/how-to-find-latest-ie-vulnerability-cve-2012-4969-with-nexpose">https://community.rapid7.com/community/nexpose/blog/2012/09/25/how-to-find-latest-ie-vulnerability-cve-2012-4969-with-nexpose</a>
</div>
<br />
<b>phpMyAdmin Compromised Source Package Backdoor Security Issue</b><br />
Posted 2012-09-25 by Johncrackernet<br />
<br />
<span style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; text-align: justify;">A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.</span>
<br />
<span style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; text-align: justify;"><br /></span>
<table class="stat lWidth" klmark="secunia:49901" style="background-color: #eeeeee; border-collapse: collapse; border-top-color: rgb(212, 212, 212); border-top-style: solid; border-top-width: 5px; font-family: arial; font-size: 14px; margin-top: 10px; overflow: hidden; width: 620px;"><tbody>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Secunia ID</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title="50703"><div style="line-height: 1.4; margin-bottom: 0.34em;">
<a href="http://secunia.com/advisories/50703/" style="color: #3751ab; text-decoration: none;">SA50703</a></div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Release Date</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title=""><div style="line-height: 1.4; margin-bottom: 0.34em;">
25 Sep 2012</div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Criticality</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title="Extremely critical"><div style="line-height: 1.4; margin-bottom: 0.34em;">
<a href="http://www.securelist.com/en/advisories/50703" style="color: #3751ab; text-decoration: none;">Extremely Critical</a></div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Solution Status</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title="Vendor Patched"><div style="line-height: 1.4; margin-bottom: 0.34em;">
Vendor Patch</div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Software</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title=""><div style="line-height: 1.4; margin-bottom: 0.34em;">
phpMyAdmin 3.x</div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Where</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title="From remote"><div style="line-height: 1.4; margin-bottom: 0.34em;">
<a href="http://www.securelist.com/en/advisories/50703" style="color: #3751ab; text-decoration: none;">From remote</a></div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Impact</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title="System access"><h5 style="font-size: 14px; line-height: normal; margin-bottom: 10px;">
System access</h5>
<div style="line-height: 1.4; margin-bottom: 0.34em;">
</div>
<div style="line-height: 1.4; margin-bottom: 0.34em;">
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.</div>
<div style="line-height: 1.4; margin-bottom: 0.34em;">
</div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Description</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title=""><div style="line-height: 1.4; margin-bottom: 0.34em;">
A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system.</div>
<div style="line-height: 1.4; margin-bottom: 0.34em;">
The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.</div>
<div style="line-height: 1.4; margin-bottom: 0.34em;">
The compromised source file was distributed via the "cdnetworks-kr-1" SourceForge mirror with the phpMyAdmin-3.5.2.2-all-languages.zip download.</div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Solution</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title="Download and reinstall phpMyAdmin."><div style="line-height: 1.4; margin-bottom: 0.34em;">
Download and reinstall phpMyAdmin.</div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Reported by</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title=""><div style="line-height: 1.4; margin-bottom: 0.34em;">
The vendor credits Tencent Security Response Center.</div>
</td></tr>
<tr class="t" style="vertical-align: top;"><td class="status pdr36" style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; font-style: italic; line-height: 1.4; padding: 6px; vertical-align: top;">Original Advisory</td><td style="border-bottom-color: rgb(212, 212, 212); border-bottom-style: solid; border-bottom-width: 1px; line-height: 1.4; padding: 6px; vertical-align: top;" title=""><div style="line-height: 1.4; margin-bottom: 0.34em;">
<a href="http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php" style="color: #3751ab;">http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php</a></div>
</td></tr>
</tbody></table>
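
Added example, not part of the Secunia or phpMyAdmin advisory: because the tampered package was served by a single mirror under the normal file name, one way to check a downloaded archive before reinstalling is to compare it member by member with a copy of the same release obtained from a different source. The archive contents and file names below are constructed placeholders, and the function names are this example's own.

```python
import hashlib
import io
import zipfile


def archive_digests(source):
    """Map every file in a zip (path, bytes or file object) to its SHA-256."""
    if isinstance(source, (bytes, bytearray)):
        source = io.BytesIO(source)
    digests = {}
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return digests


def compare_archives(reference, candidate):
    """Report files that the candidate adds, drops or changes."""
    ref = archive_digests(reference)
    cand = archive_digests(candidate)
    shared = set(ref) & set(cand)
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "modified": sorted(path for path in shared if ref[path] != cand[path]),
    }


def is_identical(diff):
    """True when the candidate has exactly the reference's files and contents."""
    return not (diff["added"] or diff["removed"] or diff["modified"])


def build_zip(files):
    """Build an in-memory zip from {path: bytes}; used only for the demo."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for path, content in files.items():
            archive.writestr(path, content)
    return buffer.getvalue()


def demo_archives():
    """Return (reference, candidate) zips with constructed placeholder content."""
    clean = {
        "phpMyAdmin-sample/index.php": b"<?php /* placeholder index */",
        "phpMyAdmin-sample/js/common.js": b"/* placeholder script */",
    }
    tampered = dict(clean)
    # One file the reference does not contain and one changed in place.
    tampered["phpMyAdmin-sample/unexpected.php"] = b"<?php /* placeholder */"
    tampered["phpMyAdmin-sample/js/common.js"] = b"/* placeholder, altered */"
    return build_zip(clean), build_zip(tampered)


if __name__ == "__main__":
    reference, candidate = demo_archives()
    report = compare_archives(reference, candidate)
    for kind in ("added", "removed", "modified"):
        for path in report[kind]:
            print(f"{kind:9s} {path}")
    print("identical" if is_identical(report) else "archives differ")
```

The comparison is only as trustworthy as the reference copy, so fetch it over a separate path from the suspect download.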
Johncrackernethttp://www.blogger.com/profile/08784328987634723272noreply@blogger.com3tag:blogger.com,1999:blog-30761105.post-28526316949900704762012-02-04T00:08:00.000-08:002012-02-04T00:08:36.636-08:00FBI Arrests Suspected LulzSec and Anonymous Hackers<div dir="ltr" style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" trbidi="on">Search warrants were also being executed in New Jersey, Minnesota and Montana. The FBI arrested two alleged members of the hacking collectives LulzSec and Anonymous on Thursday morning in San Francisco and Phoenix, According to Fox news. The suspected hacker arrested in California is homeless and alleged to have been involved in the hacking of Santa Cruz County government websites.<br style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><br style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" />The person arrested in Arizona is a student at a technical university and allegedly participated in the widely publicized hack against Sony. 
Both groups have been targeted by the FBI and international law enforcement agencies in recent months.</div><div dir="ltr" style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" trbidi="on"><br style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" />Meanwhile, the FBI arrested an alleged Anonymous member in San Francisco. The man, who is reported to be homeless, is said to have been involved in internet attacks against Santa Cruz County government websites.Just because a man is homeless, of course, doesn't mean that he can't get an internet connection. Coffee houses, cafes, libraries, etc can all offer cheap or free internet access - and because the computer being used can be a shared device, it may be harder to identify who might have been responsible for an attack compared to a PC at a home.</div><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><b style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span class="Apple-style-span" style="font-size: medium; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; 
padding-top: 0px;">The arrests shouldn't surprise anyone. They made two errors:</span></b><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><b style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;">Mistake #1: They brough too much attention to themselves.</b><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><span style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; text-align: left;">It is said that John Gotti, the mafia </span><span style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; text-align: left;">boss, brought so much attention to himself that he became a natural, high profile target for law enforcement. As Amichai Shulman, our CTO, stated before, the Lulzsec, the hackers "were extre</span><span style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; text-align: left;">mely unfocused in their goal and gained attention mainly due to the relative intensity of their activity and lack of other good media topics." 
They brought too much attention to themselves and you could expect law enforcement to find them. If you look at hacking historically, over the past 20 years many of the high-profile attacks or those that involve serious losses to governments or commercial companies have ended up with law enforcement finding the perpetrators eventually, such as Albert Gonzalez.</span><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><b style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;">Mistake #2: They didn't cover up their tracks.</b><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><span style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; text-align: left;">Let's review some of the Lulzsec chat logs from a few months ago. 
One snippet, in reference to discussions Lulzsec was having with the media, shows how the hackers themselves admit they gave away too much informaiton:</span><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><i style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span class="Apple-style-span" style="color: #990000; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Topiary - Sabu and I got a bit carried away and gave LulzSec away a bit</span></i><br style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;" /><span style="background-color: white; color: #555555; font-family: Arial, Tahoma, 'Century gothic', sans-serif; font-size: 13px; line-height: 24px; text-align: left;">As Imperva's Tal Be'ery said in this USA Today article, "When you're running this kind of operation for a long time, especially with not very concrete plans, you're bound to make mistakes." 
The mistakes Lulzsec and Anonymous made during their hacking spree left an electronic trail with enough footprints to produce today's arrests.</span>Johncrackernethttp://www.blogger.com/profile/08784328987634723272noreply@blogger.com0tag:blogger.com,1999:blog-30761105.post-18641762281856377492011-12-15T04:16:00.000-08:002011-12-15T04:16:08.893-08:00sslyze – Fast and Full-Featured SSL Configuration Scanner<div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise, companies are deploying it more widely every year. 
Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention to weak configurations, and the need to avoid them. 
Additionally, server misconfiguration has always greatly increased the overhead caused by SSL, slowing the transition to improved communications security.</div><div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">To help improve system configurations, iSEC is releasing the free software “SSLyze” tool. They have found this tool helpful for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.</div><div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;"></div><div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; 
border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">SSLyze is a stand-alone Python application that looks for classic SSL misconfiguration, while providing the advanced user with the opportunity to customize the application via a simple plugin interface.</div><div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;"><strong style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Features</strong></div><ul style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 
0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 20px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 30px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;"><li style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: circle; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Insecure renegotiation testing</li>
<li style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: circle; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Scanning for weak strength ciphers</li>
<li style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: circle; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Checking for SSLv2, SSLv3 and TLSv1 versions</li>
<li style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: circle; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Server certificate information dump and basic validation</li>
<li style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: circle; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Session resumption capabilities and actual resumption rate measurement</li>
<li style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: circle; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Support for client certificate authentication</li>
<li style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: circle; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Simultaneous scanning of multiple servers, versions and ciphers</li>
</ul><div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">For example, SSLyze can help users identify server configurations vulnerable to <a href="http://www.darknet.org.uk/2011/10/thc-ssl-dosddos-tool-released-for-download/" style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #df6f0b; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none; vertical-align: baseline;">THC’s recently released SSL DOS attack</a> by checking the server’s support for client-initiated renegotiations. 
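The protocol-version, cipher-strength and insecure-renegotiation items in the Features list come down to sending a ClientHello that offers one version and one cipher suite, then reading the server's first record. The Python below is an added example, not SSLyze's own code: the function names, the 128-bit threshold, treating SSLv3 as outdated and the sample replies are assumptions constructed for illustration, and it performs no network I/O.

```python
import os
import struct

# Wire values for the protocol versions a probe can offer.
VERSIONS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
VERSION_NAMES = {value: name for name, value in VERSIONS.items()}
# A few IANA cipher suite ids with their symmetric key size in bits.
SUITES = {
    0x0003: ("TLS_RSA_EXPORT_WITH_RC4_40_MD5", 40),
    0x0009: ("TLS_RSA_WITH_DES_CBC_SHA", 56),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", 128),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", 128),
}
SCSV = 0x00FF            # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEG_INFO = 0xFF01  # renegotiation_info extension (RFC 5746)
ALERTS = {40: "handshake_failure", 70: "protocol_version"}
MIN_BITS = 128           # assumption: anything below this is reported as weak


def build_client_hello(version, suite_id):
    """ClientHello record offering exactly one version and one cipher suite."""
    suites = struct.pack("!HH", suite_id, SCSV)  # SCSV signals RFC 5746 support
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def make_server_hello(version, suite_id, with_reneg_info):
    """Constructed ServerHello record (not a capture) used as sample input."""
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!HB", suite_id, 0))
    if with_reneg_info:
        ext = struct.pack("!HH", EXT_RENEG_INFO, 1) + b"\x00"
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def parse_response(data):
    """Decode the first TLS record a server sends back to a ClientHello."""
    if len(data) < 5:
        return {"result": "no_reply"}
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    frag = data[5:5 + length]
    if len(frag) < length:
        return {"result": "truncated"}
    if ctype == 21 and length >= 2:  # alert record: level, description
        return {"result": "rejected", "alert": ALERTS.get(frag[1], str(frag[1]))}
    if ctype != 22 or length < 4 or frag[0] != 2:  # not a ServerHello
        return {"result": "unexpected"}
    try:
        body = frag[4:4 + int.from_bytes(frag[1:4], "big")]
        version = struct.unpack("!H", body[:2])[0]
        pos = 2 + 32                 # skip version and server random
        pos += 1 + body[pos]         # skip session id
        suite = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 3                     # cipher suite + compression method
        secure_reneg = False
        if pos + 2 <= len(body):     # optional extensions block
            end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                etype, elen = struct.unpack("!HH", body[pos:pos + 4])
                secure_reneg = secure_reneg or etype == EXT_RENEG_INFO
                pos += 4 + elen
    except (IndexError, struct.error):
        return {"result": "malformed"}
    return {"result": "accepted", "version": version, "suite": suite,
            "secure_renegotiation": secure_reneg}


def findings(reply):
    """Turn a parsed reply into the misconfiguration notes a scanner would list."""
    if reply["result"] != "accepted":
        return []
    notes = []
    if reply["version"] <= VERSIONS["SSLv3"]:  # assumption: SSLv3 is outdated
        name = VERSION_NAMES.get(reply["version"], hex(reply["version"]))
        notes.append("outdated protocol accepted: " + name)
    suite_name, bits = SUITES.get(reply["suite"], ("unknown suite", None))
    if bits is not None and bits < MIN_BITS:
        notes.append("weak cipher accepted: %s (%d bits)" % (suite_name, bits))
    if not reply["secure_renegotiation"]:
        notes.append("no renegotiation_info: RFC 5746 secure renegotiation missing")
    return notes


if __name__ == "__main__":
    samples = {  # constructed replies, not taken from any real server
        "legacy": make_server_hello(VERSIONS["SSLv3"], 0x0003, False),
        "modern": make_server_hello(VERSIONS["TLSv1.2"], 0x002F, True),
        "refused": b"\x15\x03\x01\x00\x02\x02\x28",
    }
    for label, raw in samples.items():
        reply = parse_response(raw)
        print(label, reply["result"], findings(reply))
```

SSLv2 uses a different record layout and needs its own hello, and whether a server honours client-initiated renegotiation can only be observed on an established session, so neither is covered by this block.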
For more information on testing for client-initiated renegotiations, you can read <a href="http://code.google.com/p/sslyze/wiki/ThcSslDOS" style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #df6f0b; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none; vertical-align: baseline;">here</a>.</div><div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">You can download sslyze here:</div><div style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #3f312e; font-family: Helvetica, Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 18px; margin-top: 18px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;"><a 
href="http://sslyze.googlecode.com/files/sslyze-0.3_src.zip" style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #df6f0b; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none; vertical-align: baseline;">sslyze-0.3_src.zip</a></div>Johncrackernethttp://www.blogger.com/profile/08784328987634723272noreply@blogger.com1tag:blogger.com,1999:blog-30761105.post-88253953183281784312011-12-15T04:00:00.000-08:002011-12-15T04:00:18.784-08:00Microsoft Security Bulletin for December 2011Microsoft’s Security Bulletin for December 2011 includes 13 bulletins addressing 17 vulnerabilities. Three of the bulletins are rated "critical": MS11-087, MS11-090, and MS11-092 and the rest are "important". This month many of the patches relate to vulnerabilities with known exploits likely available in the wild, so it is essential that organizations prioritize patching as soon as possible.<br />
<br />
Microsoft reports that the exploit code for the “critical” MS11-087 and MS11-092 is likely to be in the wild. This comes as no surprise with MS11-087, which addresses the much publicized zero-day vulnerability related to the malicious Duqu worm. The vulnerability is in Windows kernel-mode drivers and could allow remote code execution. Microsoft previously released a workaround for this as a part of Microsoft Security Advisory #2639658, so organizations applying patch MS11-087 need to also undo the workaround if it was deployed.<br />
<br />
MS11-092 is a vulnerability in Windows Media Player and Media Center, which an attacker could exploit by phishing a victim into visiting a site or opening a file on the attacker's site. Microsoft also reports that there is likely already exploit code available for this vulnerability.<br />
<br />
This month, there are a couple of updates related to Internet Explorer. MS11-092 is an ActiveX bug that can be exploited when a user visits a webpage with Internet Explorer. MS11-099 is a cumulative security update for Internet Explorer. Browser updates always get my attention because browsers are on the front line in the security battle. As we approach the end of the year, organizations should be thinking about bringing in the new year by upgrading their legacy browsers to Internet Explorer 9.<br />
<br />
There are several bulletins related to the Microsoft Office suite and its applications, such as PowerPoint, Publisher, and Excel. MS11-094, related to PowerPoint, is likely to have exploit code in the wild.<br />
<br />
According to the 80/20 rule, 20% of your vulnerabilities will likely cause 80% of your security risk. I see Microsoft getting the number of critical bulletins way down, but at the same time those criticals could be responsible for mass compromises and included in mass malware packs.<br />
<br />
This is a month where Microsoft patched a wide variety of vulnerabilities so organizations need to test and patch the “critical” ones as soon as possible, and prioritize the “importants” by which ones have exploit code available, and which ones allow remote code execution.<br />
<br />
From: <a href="https://community.rapid7.com/community/infosec/blog/2011/12/14/microsoft-security-bulletin-for-december-2011">https://community.rapid7.com/community/infosec/blog/2011/12/14/microsoft-security-bulletin-for-december-2011</a>Johncrackernethttp://www.blogger.com/profile/08784328987634723272noreply@blogger.com1tag:blogger.com,1999:blog-30761105.post-31414438038656023412011-12-06T09:14:00.000-08:002011-12-06T09:14:12.430-08:00Vendor Security<div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; 
padding-top: 0px;">I’d like to share our experiences with vendor security since I’m sure it’s something that impacts all of us. Like every company, Rapid7 relies on a number of technology vendors for a huge range of products and services to run the business. I’m sure no one will be surprised to hear that as a security company we have a policy specifying the security requirements that our vendors need to meet before we’ll do business with them. Our view is that their security directly impacts any of our internal or customer data that their systems hold, so we take it as seriously as our own infrastructure security. Most or all of you probably have the same approach, but one unique thing that we have at our disposal is a number of highly skilled security experts on staff which allows us to have a mandatory application security assessment as part of our policy.</span></div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; height: 8pt; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; min-height: 8pt; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><br />
</div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">The results of this policy over the last few years have been eye-opening. The number of prospective vendors that pass our security bar is disappointingly low, across every category we used (marketing tools, sales tools, support tools, file transfer tools, IT infrastructure, etc). The most recent failure sparked this blog post, but it was the norm rather than the exception. 
More often than not they fail basic tests with numerous readily apparent and easily exploitable issues. If the vendor has a great product or service that we think is significantly better than the alternatives we evaluated, we’ll delay our deployment while we engage with them to address the issues we found, getting commitments to fix in a defined timeline. The results there have been equally dismal, with most of them missing their commitments and forcing us to end up going with an alternate months later. It’s clear that our security bar is far higher than their bar, but also that in many cases they don’t have either the desire or skills to significantly improve their security.</span></div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; height: 8pt; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; min-height: 8pt; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><br />
</div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">All of this ends up slowing our deployment of the various third party solutions, which is an acceptable tradeoff in our view. 
But what do we do when <span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: underline;">none</span> of the vendors in the space pass the security bar? And more broadly, what can we do as a security community to raise awareness of the state of vendor security and create impetus for change? Our individual efforts to push the vendors we’ve engaged with generally haven’t been enough to move the ball. If you have any suggestions on how we can tackle this as a community, please post them below.</span></div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; height: 8pt; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; min-height: 8pt; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><br />
</div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">In the meantime, I thought I’d share our own approach in case it’s useful to any of you. The overall approach we use is a coordinated process between procurement, legal, and IT security. 
Having a coordinated process between the business discussion and technical due diligence allows for not just improved decision making, but also more informed negotiation.</span></div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; height: 8pt; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; min-height: 8pt; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><br />
</div><ol start="1" style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 2.25em; padding-right: 0px; padding-top: 0px; text-align: left;"><li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: 
initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">First, in addition to screening new vendors, if you haven’t already been doing this, start by pulling together a list of all your existing vendors (particularly SaaS vendors that have an exposed security surface). This will be eye-opening the first time you do it, since lots of groups will have been using tools without any IT involvement.</span><ul style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-image: initial; list-style-position: initial; list-style-type: disc; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 2.25em; padding-right: 0px; padding-top: 0px;"><li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span 
style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">One useful tactic we use to find out what’s in use and catch new ad-hoc “deployments” that bypass your vetting process is a periodic review of corporate credit card statements, flagging expenses associated with known vendors & SaaS providers.</span></li>
</ul></li>
<li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Use a security questionnaire to understand their security policies, processes, and sophistication.</span></li>
<li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Demand to see the results of their latest security audit, showing what was tested, the findings, and the remediation they’ve done since that time. (We do an audit ourselves because we can). Negotiate for rights to this on a periodic basis.</span></li>
<li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Pay close attention to audit logging functionality. Does the SaaS application track and report on login/logout, user actions within the application, and does it track source IP address? At the very least, you will want to conduct periodic reviews of the account logs to check for anomalies.</span></li>
<li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Scrutinize the identity management capabilities and set a policy for how they are used. Access management, particularly account management, is one of the weakest areas of SaaS security today. Multiple users are often tempted to share accounts because account limits are common to SaaS: this practice needs to be discouraged. Organizational password strength and password rotation policies are usually difficult to enforce when it comes to SaaS. 
Account provisioning and de-provisioning usually happens outside the IT group, and sometimes there are multiple users on a SaaS application with the ability to create accounts but no single user with clear ownership of, and responsibility for, the application. This creates a substantial risk that accounts will not be revoked in a timely fashion upon a change in employment status. Some approaches that can mitigate the issue:</span><ul style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-image: initial; list-style-position: initial; list-style-type: disc; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 2.25em; padding-right: 0px; padding-top: 0px;"><li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: 
initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Ensure that IT is solely responsible for account management in all SaaS applications.</span></li>
<li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Conduct periodic reviews of active SaaS accounts across all applications, matching to current employee rosters.</span></li>
<li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Work with your SaaS provider to enact IP-level restrictions to all logins, so that employees are required to be either physically present in the office or connected to the VPN to log in to the SaaS application. This will require the VPN to operate in “full tunnel” mode, where all traffic (including internet traffic) is driven over the VPN to egress from the corporate network.</span></li>
</ul></li>
<li style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; list-style-type: inherit; margin-bottom: 0.2em; margin-left: 0px; margin-right: 0px; margin-top: 0.2em; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; font-size: 10pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Most SaaS applications allow you to grant different levels of permissions to different users. 
As much as possible, place reasonable limits on user </span><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">access levels in SaaS applications. Restrict manager privileges to as few accounts as possible.</span></li>
</ol><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; height: 8pt; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; min-height: 8pt; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><br />
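The periodic reviews recommended in the list above (active SaaS accounts matched against the employee roster, login logs checked for anomalies, logins expected only from the office or VPN), as an added example that is not part of the original article. The CSV columns, the log line format, the sample data and the `CORPORATE_EGRESS` range are all constructed assumptions; adapt them to whatever your SaaS provider actually exports.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (hypothetical formats, not from any real system).
ROSTER_CSV = """\
email,status
alice@example.com,active
bob@example.com,active
carol@example.com,terminated
"""

ACCOUNTS_CSV = """\
app,account,role
crm,alice@example.com,manager
crm,carol@example.com,user
wiki,bob@example.com,user
wiki,dave@example.com,manager
"""

# Assumed log format: ISO timestamp, app, account, source IP, action.
LOGIN_LOG = """\
2011-12-01T09:00:00 crm alice@example.com 198.51.100.10 login
2011-12-01T09:05:00 crm alice@example.com 203.0.113.77 login
2011-12-01T10:00:00 wiki bob@example.com 198.51.100.11 login
2011-12-02T23:30:00 crm carol@example.com 203.0.113.5 login
"""

CORPORATE_EGRESS = ["198.51.100.0/24"]  # assumed office / full-tunnel VPN egress


def active_employees(roster_csv):
    """Return the set of e-mail addresses with status 'active'."""
    rows = csv.DictReader(io.StringIO(roster_csv))
    return {r["email"].lower() for r in rows if r["status"] == "active"}


def orphaned_accounts(accounts_csv, roster):
    """SaaS accounts whose owner is not an active employee (revoke or justify)."""
    rows = csv.DictReader(io.StringIO(accounts_csv))
    return [(r["app"], r["account"]) for r in rows
            if r["account"].lower() not in roster]


def parse_logins(log_text):
    """Parse login events; malformed lines are skipped rather than trusted."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] != "login":
            continue
        try:
            events.append({"time": datetime.fromisoformat(parts[0]),
                           "app": parts[1],
                           "account": parts[2].lower(),
                           "ip": ipaddress.ip_address(parts[3])})
        except ValueError:
            continue
    return events


def off_network_logins(events, cidrs):
    """Logins whose source IP is outside the corporate egress ranges."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [e for e in events if not any(e["ip"] in n for n in nets)]


def shared_account_candidates(events, window=timedelta(minutes=30)):
    """Accounts used from two different source IPs within `window`.

    A heuristic for account sharing (or credential misuse), not proof of it.
    """
    by_account = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_account[(e["app"], e["account"])].append(e)
    flagged = set()
    for key, evs in by_account.items():
        for prev, cur in zip(evs, evs[1:]):
            if cur["ip"] != prev["ip"] and cur["time"] - prev["time"] <= window:
                flagged.add(key)
    return sorted(flagged)


if __name__ == "__main__":
    roster = active_employees(ROSTER_CSV)
    events = parse_logins(LOGIN_LOG)
    print("orphaned:", orphaned_accounts(ACCOUNTS_CSV, roster))
    print("off-network:", [(e["account"], str(e["ip"]))
                           for e in off_network_logins(events, CORPORATE_EGRESS)])
    print("possibly shared:", shared_account_candidates(events))
```

An off-network login only counts as an anomaly once the IP-level restriction described in the list is actually enforced by the provider; until then it mainly measures how much access happens outside the office and VPN.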
</div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">As companies increasingly rely on SaaS solutions to do everyday business, <span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: 
initial; border-top-width: 0px; font-size: 11pt; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">and security moves even further outside of your control</span>, it becomes more and more important to proactively ensure the security and integrity of the solution you rely on. Employing a number of these suggestions, when considering your SaaS solutions, will help put you on the road to a higher level of security serving both your internal stakeholders and customers well.</span></div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 
0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</span></div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Article from Rapid7 Blog:</span></div><div style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: #f5faf0; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; color: #333333; font-family: Arial; font-size: 12px; line-height: 16px; 
list-style-image: initial; list-style-position: initial; list-style-type: none; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left;"><span style="-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-collapse: collapse; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: arial, helvetica, sans-serif; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><a href="https://community.rapid7.com/community/infosec/blog/2011/12/06/vendor-security">https://community.rapid7.com/community/infosec/blog/2011/12/06/vendor-security</a></span></div>Johncrackernethttp://www.blogger.com/profile/08784328987634723272noreply@blogger.com1tag:blogger.com,1999:blog-30761105.post-56243286845845945362011-12-06T08:57:00.000-08:002011-12-06T09:04:04.324-08:00The Mole – Automatic SQL Injection SQLi Exploitation ToolThe Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query-based technique.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://farm8.staticflickr.com/7016/6436951245_06f742897a.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="202" src="http://farm8.staticflickr.com/7016/6436951245_06f742897a.jpg" width="320" /></a></div><br />
Features:<br />
<ul><li>Support for injections using MySQL, SQL Server, Postgres and Oracle databases.</li>
<li>Command line interface. Different commands trigger different actions.</li>
<li>Auto-completion for commands, command arguments and database, table and column names.</li>
<li>Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.</li>
<li>Developed in Python 3.</li>
</ul><div>For documentation, downloads and tutorials, please refer here:</div><div><a href="http://themole.sourceforge.net/">http://themole.sourceforge.net/</a></div>
<div>Posted by Johncrackernet (http://www.blogger.com/profile/08784328987634723272)</div>
<br />
<strong>Adding custom wordlists in Metasploit for brute force password audits</strong><br />
Published: 2011-12-06T08:52:00.000-08:00. Updated: 2011-12-06T08:52:53.934-08:00.<br />
<br />
In any penetration test that involves brute forcing passwords, you may want to increase your chances of a successful password audit by adding custom wordlists specific to the organization that hired you. Some examples:<br />
<ul><li>If you are security testing a hospital, you may want to add a dictionary with medical terms.</li>
<li>If you're testing a German organization, users are likely to use German passwords, so you should add a German wordlist.</li>
<li>Another good idea is to build a custom wordlist based on the organization's website (try the Wordlist Ruby gem to generate a wordlist based on a URL scrape).</li>
</ul><div>For more details, please refer to this Metasploit Blog:</div><div><a href="https://community.rapid7.com/community/metasploit/blog/2011/12/05/adding-custom-wordlists-in-metasploit-for-brute-force-password-audits">https://community.rapid7.com/community/metasploit/blog/2011/12/05/adding-custom-wordlists-in-metasploit-for-brute-force-password-audits</a></div>
<div>Posted by Johncrackernet (http://www.blogger.com/profile/08784328987634723272)</div>
<br />
<strong>October 2011: Ten Cisco Vulnerabilities</strong><br />
Published: 2011-12-06T08:37:00.000-08:00. Updated: 2011-12-06T08:38:31.355-08:00.<br />
<div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">The Cisco Product Security Incident Response Team (PSIRT) has published ten important vulnerability advisories:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Buffer Overflow Vulnerabilities in the Cisco WebEx Player</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified Contact Center Express Directory Traversal Vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Security Agent Remote Code Execution Vulnerabilities</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified Communications Manager Directory Traversal Vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">CiscoWorks Common Services Arbitrary Command Execution Vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Show and Share Security Vulnerabilities</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Directory Traversal Vulnerability in Cisco Network Admission Control Manager</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Multiple Vulnerabilities in Cisco Firewall Services Module</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span id="more-923" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"></span><br />
<strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Buffer Overflow Vulnerabilities in the Cisco WebEx Player</strong><br />
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
The vulnerabilities disclosed in this advisory affect the Cisco WRF players. The Microsoft Windows, Apple Mac OS X, and Linux versions of the players are all affected. Review the following table for the list of releases that contain the nonvulnerable code. Affected versions of the players are those prior to client build T26 SP49 EP40 and T27 SP28. These build numbers are available only to WebEx site administrators. End users will see a version such as “Client build: 27.25.4.11889.” This indicates the server is running software version T27 SP25 EP4.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
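The build-number rule in the Vulnerable Products paragraph above can be turned into a patch-triage check. This is an added example, not code from the Cisco advisory or from the original post: the function names and the sample inventory are constructed for illustration, an EP the text does not state is assumed to be 0, and trains other than T26 and T27 are reported as unknown because the text names no fixed build for them.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Tuple

# First nonvulnerable builds named in the advisory text: T26 SP49 EP40 and T27 SP28.
# Keyed by train; the value is (service pack, engineering patch). The text gives no
# EP for T27, so EP 0 is an assumption made for this example.
FIXED_BUILDS: Dict[int, Tuple[int, int]] = {26: (49, 40), 27: (28, 0)}


class WebExBuild(NamedTuple):
    train: int  # the "T" number
    sp: int     # service pack
    ep: int     # engineering patch

    def label(self) -> str:
        return f"T{self.train} SP{self.sp} EP{self.ep}"


# End-user form: "Client build: 27.25.4.11889" (the fourth field is ignored).
_DOTTED = re.compile(r"^(?:client build:\s*)?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?$", re.I)
# Site-administrator form: "T27 SP25 EP4" or "T27 SP28".
_ADMIN = re.compile(r"^T(\d+)\s*SP(\d+)(?:\s*EP(\d+))?$", re.I)


def parse_build(text: str) -> WebExBuild:
    """Parse either build notation into (train, SP, EP); raise ValueError otherwise."""
    cleaned = text.strip().rstrip(".")
    match = _DOTTED.match(cleaned) or _ADMIN.match(cleaned)
    if match is None:
        raise ValueError(f"unrecognised WebEx build string: {text!r}")
    train, sp, ep = (int(g) if g is not None else 0 for g in match.groups())
    return WebExBuild(train, sp, ep)


def player_status(text: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one reported build string."""
    build = parse_build(text)
    fixed = FIXED_BUILDS.get(build.train)
    if fixed is None:
        # No fixed build is stated for this train, so do not guess.
        return "unknown"
    return "affected" if (build.sp, build.ep) < fixed else "fixed"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by status; unparseable strings are kept for manual review."""
    results: Dict[str, List[str]] = {
        "affected": [], "fixed": [], "unknown": [], "unparsed": [],
    }
    for host, raw in inventory:
        try:
            results[player_status(raw)].append(host)
        except ValueError:
            results["unparsed"].append(host)
    return results


# Constructed sample inventory (host names and most build strings are invented;
# the first build string is the one quoted in the text above).
SAMPLE_INVENTORY = [
    ("ws-001", "Client build: 27.25.4.11889."),
    ("ws-002", "T27 SP28"),
    ("ws-003", "26.49.39.5120"),
    ("ws-004", "T26 SP49 EP40"),
    ("ws-005", "28.4.0.1000"),
    ("ws-006", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9s} {', '.join(hosts) or '-'}")
```
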
The Cisco WebEx Recording Format (WRF) Player is affected by the following vulnerabilities:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco WebEx Player WRF Parsing Vulnerability: This vulnerability has been assigned the following Common Vulnerabilities and Exposures (CVE) identifier: CVE-2011-3319</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco WebEx Player ATAS32 Processing Vulnerability: This vulnerability has been assigned the following Common Vulnerabilities and Exposures (CVE) identifier: CVE-2011-4004</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">The vulnerabilities may cause the player application to crash or, in some cases, remote code execution could occur.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of the vulnerabilities described in this document could cause the Cisco WRF player application to crash and, in some cases, allow a remote attacker to execute arbitrary code on the system with the privileges of the user who is running the WRF player application.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111026-webex</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Cisco Unified Contact Center Express Directory Traversal Vulnerability</strong><br />
Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
The following Cisco UCCX versions are vulnerable:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco UCCX version 6.0(x)</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco UCCX version 7.0(x)</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco UCCX version 8.0(x)</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco UCCX version 8.5(x)</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">The following Cisco Unified IP Interactive Voice Response versions are vulnerable:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified IP Interactive Voice Response version 6.0(x)</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified IP Interactive Voice Response version 7.0(x)</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified IP Interactive Voice Response version 8.0(x)</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified IP Interactive Voice Response version 8.5(x)</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
The Cisco Unified Contact Center Express is a single/two node server, integrated “contact center in a box” for use in deployments with up to 300 agents until software version 8.0(x) and 400 agents starting at version 8.5(x). The vulnerability is due to improper input validation, and could allow the attacker to traverse the filesystem directory. An attacker could exploit this vulnerability by sending a specially crafted URL to the affected system. The vulnerability in Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response could be exploited over TCP port 8080 in 6.0(x) and 7.0(x) versions and TCP port 9080 starting in 8.0(x) version of the product.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to retrieve arbitrary files from the Cisco Unified Contact Center Express or Cisco Unified IP Interactive Voice Response filesystem.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111026-uccx</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras</strong><br />
A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series are affected by this vulnerability. For Cisco Video Surveillance 2421 and 2500 series IP Cameras, all 1.1.x software releases and releases prior to 2.4.0 are affected by this vulnerability. For Cisco Video Surveillance 2600 IP Camera, all software releases before 4.2.0-13 are affected by this vulnerability.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
The Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series of devices are affected by an RTSP TCP crafted-packet denial of service vulnerability that may allow an unauthenticated attacker to cause the device to reload by sending a series of crafted packets. This vulnerability can be exploited from both wired and wireless segments.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of the vulnerability may result in a DoS condition. Subsequent exploitation may result in a sustained DoS condition, as the cameras will continue to reload.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111026-camera</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Cisco Security Agent Remote Code Execution Vulnerabilities</strong><br />
Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
These vulnerabilities only affect 6.x versions of Cisco Security Agent running on Windows platforms.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
Version 6.x of Cisco Security Agent running on Windows platforms is affected by the following vulnerabilities:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect availability, related to File ID SDK: This vulnerability is assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0794</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect availability via vectors related to Outside In Filters: This vulnerability is assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0808</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to perform remote code execution on the affected device that will execute with Administrator privileges.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111026-csa</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Cisco Unified Communications Manager Directory Traversal Vulnerability</strong><br />
Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
The following products are affected by this vulnerability:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified Communications Manager 6.x</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified Communications Manager 7.x</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Unified Communications Manager 8.x</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111026-cucm</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">CiscoWorks Common Services Arbitrary Command Execution Vulnerability</strong><br />
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
This vulnerability affects all versions of CiscoWorks Common Services-based products running on Microsoft Windows. Common Services version 4.1 and later are not affected by this vulnerability.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. The vulnerability is due to improper input validation in the CiscoWorks Home Page component. An attacker could exploit this vulnerability by sending a specially crafted URL to the affected system. An exploit could allow the attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.<br />
This vulnerability affects CiscoWorks Common Services running only on Microsoft Windows.<br />
This vulnerability could be exploited over the default management ports, TCP port 1741 or 443.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111019-cs</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Cisco Show and Share Security Vulnerabilities</strong><br />
The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities.</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">The first vulnerability allows an unauthenticated user to access several administrative web pages.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">The second vulnerability permits an authenticated user to execute arbitrary code on the device under the privileges of the web server user account.</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
These vulnerabilities affect all versions of Cisco Show and Share prior to the first fixed releases as indicated in the Software Version and Fixes section of this Cisco Security Advisory.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
Cisco Show and Share contains the following vulnerabilities:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Anonymous users can access some administration pages: Several administrative web pages of Cisco Show and Share can be accessed without prior user authentication. These include pages for accessing Encoders and Pull Configurations, Push Configurations, Video Encoding Formats, and Transcoding. This vulnerability is documented in Cisco Bug ID CSCto73758 (registered customers only) and has been assigned CVE identifier CVE-2011-2584.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Cisco Show and Share arbitrary code execution vulnerability: An authenticated user with privileges to upload videos could upload code that could then be executed under the privileges of the web server.</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
These vulnerabilities have the following impact on Cisco Show and Share:<br />
CSCto73758: Anonymous users can access some administration pages. Several administrative web pages of Cisco Show and Share can be accessed without prior user authentication. The administrative web pages affected include:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Encoders Configurations</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Push Configurations</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Video Encoding Formats</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Transcoding</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">CSCto69857: Cisco Show and Share arbitrary code execution vulnerability. An authenticated user may upload arbitrary code that can be executed on the appliance with the same privileges as the web server.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111019-sns</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Directory Traversal Vulnerability in Cisco Network Admission Control Manager</strong><br />
Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
Only Cisco NAC Manager software versions 4.8.X are affected by this vulnerability. Cisco NAC Manager software versions 4.7.X and earlier are not affected.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong><br />
Cisco NAC Manager contains a directory traversal vulnerability. The management interface uses TCP port 443. An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111005-nac" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111005-nac</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module</strong><br />
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">MSN Instant Messenger (IM) Inspection Denial of Service vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">TACACS+ Authentication Bypass vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Four SunRPC Inspection Denial of Service vulnerabilities</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Internet Locator Service (ILS) Inspection Denial of Service vulnerability</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong></div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">MSN IM Inspection Denial of Service Vulnerability: The MSN IM inspection feature of Cisco ASA 5500 Series Adaptive Security Appliances is affected by a DoS vulnerability.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">TACACS+ Authentication Bypass Vulnerability: An authentication bypass vulnerability affects the TACACS+ implementation of Cisco ASA 5500 Series Adaptive Security Appliances.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">SunRPC Inspection Denial of Service Vulnerabilities: Four DoS vulnerabilities affect the SunRPC inspection feature of Cisco ASA 5500 Series Adaptive Security Appliances.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">ILS Inspection Denial of Service Vulnerability: A DoS vulnerability affects the ILS inspection feature of Cisco ASA 5500 Series Adaptive Security Appliances.</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of all the DoS vulnerabilities could cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition. Successful exploitation of the TACACS+ authentication bypass vulnerability could allow an attacker to bypass authentication of VPN, firewall and/or administrative sessions.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111005-asa" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111005-asa</a></div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Multiple Vulnerabilities in Cisco Firewall Services Module</strong><br />
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:</div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Syslog Message Memory Corruption Denial of Service Vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Authentication Proxy Denial of Service Vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">TACACS+ Authentication Bypass Vulnerability</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Sun Remote Procedure Call (SunRPC) Inspection Denial of Service Vulnerabilities</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Internet Locator Server (ILS) Inspection Denial of Service Vulnerability</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Vulnerable Products</strong><br />
The Cisco FWSM for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by multiple vulnerabilities. Affected versions of Cisco FWSM Software vary depending on the specific vulnerability. Refer to the “Software Version and Fixes” section for specific information on vulnerable versions.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Details</strong></div><ul style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; list-style-image: initial; list-style-position: initial; list-style-type: none; margin-bottom: 15px; margin-left: 15px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Syslog Message Memory Corruption Denial of Service Vulnerability: A denial of service vulnerability exists in the implementation of one specific system log message (message ID 302015, “Built outbound UDP connection session-id for src-intf:IP/Port to dst-intf:IP/Port ARP-Incomplete”) that can cause memory corruption and lead to a lock up or crash of the Cisco FWSM in the event that that system log message needs to be 
generated for IPv6 traffic that has flowed through the device. The Cisco FWSM may not recover on its own and a manual reboot may be necessary to recover.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">Authentication Proxy Denial of Service Vulnerability: A denial of service vulnerability exists in some versions of Cisco FWSM Software that affects devices configured to use authentication to grant users access to the network, also known as cut-through or authentication proxy. Vulnerable configurations are those that contain the aaa authentication match or aaa authentication include commands. The vulnerability may be triggered when there is a high number of network access authentication requests.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">TACACS+ Authentication Bypass Vulnerability: An authentication bypass vulnerability exists in the TACACS+ implementation in the Cisco FWSM. Successful exploitation could allow a remote attacker to bypass TACACS+ authentication of VPN users (the Cisco FWSM only allows VPN sessions for management), firewall sessions, or administrative access to the device.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">SunRPC Inspection Denial of Service Vulnerabilities: The Cisco FWSM is affected by four vulnerabilities that may cause the device to reload during the processing of different crafted SunRPC messages when SunRPC inspection is enabled. These vulnerabilities are triggered only by transit traffic; traffic that is destined to the device does not trigger these vulnerabilities.</li>
<li style="background-attachment: initial; background-clip: initial; background-color: initial; background-image: url(http://www.ciscozine.com/wp-content/themes/alltuts/images/bullet_list.png); background-origin: initial; background-position: 0px 9px; background-repeat: no-repeat no-repeat; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 5px; padding-left: 15px; padding-right: 0px; padding-top: 5px;">ILS Inspection Denial of Service Vulnerability: The ILS inspection engine provides Network Address Translation (NAT) support for Microsoft NetMeeting, SiteServer, and Active Directory products that use Lightweight Directory Access Protocol (LDAP) to exchange directory information with an ILS server.</li>
</ul><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Impact</strong><br />
Successful exploitation of any of the denial of service vulnerabilities could cause an affected device to reload. Repeated exploitation could result in a sustained denial of service condition. Successful exploitation of the TACACS+ authentication bypass vulnerability could allow an attacker to bypass authentication of VPN, firewall, and/or administrative sessions.</div><div style="background-color: #f0f0f0; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 10px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Link:</strong> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111005-fwsm" style="color: #1fa2e1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: none;" target="_blank">http://tools.cisco.com/…/cisco-sa-20111005-fwsm</a><br />
<br />
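The Python script below is an added example, not part of the advisory or of any Cisco tooling. It scans a saved configuration for the feature preconditions named in the Details list above. The command patterns other than `aaa authentication match` and `aaa authentication include` are assumed from general FWSM/ASA CLI syntax, both sample configurations are constructed, and a match says nothing about whether the installed software version is affected (that still has to be checked against the advisory).

```python
import re

# Constructed sample configurations in FWSM/ASA running-config style (not from a real device).
SAMPLE_A = """\
hostname fwsm-lab
interface Vlan20
 nameif inside
 ipv6 address 2001:db8:20::1/64
logging enable
logging trap informational
aaa-server MGMT protocol tacacs+
aaa-server MGMT (inside) host 192.0.2.10
aaa authentication ssh console MGMT
aaa authentication match AUTH-ACL inside MGMT
policy-map global_policy
 class inspection_default
  inspect dns
  inspect sunrpc
"""

SAMPLE_B = """\
hostname fwsm-lab
interface Vlan20
 nameif inside
 ipv6 address 2001:db8:20::1/64
logging enable
no logging message 302015
aaa-server MGMT protocol radius
aaa authentication ssh console MGMT
policy-map global_policy
 class inspection_default
  inspect dns
"""

# One pattern per feature named in the advisory. Only the two "aaa authentication"
# forms are quoted on the page; the other command spellings are assumptions.
RULES = {
    "auth_proxy": re.compile(r"^aaa authentication (match|include)\b"),
    "tacacs": re.compile(r"^aaa-server \S+ protocol tacacs\+"),
    "sunrpc_inspect": re.compile(r"^inspect sunrpc\b"),
    "ils_inspect": re.compile(r"^inspect ils\b"),
}
IPV6 = re.compile(r"^ipv6 (address|enable)\b")
LOGGING_ON = re.compile(r"^logging enable\b")
MSG_302015_OFF = re.compile(r"^no logging message 302015\b")


def config_lines(text):
    """Yield configuration statements with indentation and comment lines removed."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("!", ":")):
            yield line


def audit(text):
    """Return {check name: [config lines that satisfy that precondition]}."""
    findings = {name: [] for name in RULES}
    findings["syslog_302015_ipv6"] = []
    ipv6, logging_on, msg_off = [], [], False
    for line in config_lines(text):
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings[name].append(line)
        if IPV6.search(line):
            ipv6.append(line)
        elif LOGGING_ON.search(line):
            logging_on.append(line)
        elif MSG_302015_OFF.search(line):
            msg_off = True
    # Message 302015 only matters when IPv6 is configured, logging is on,
    # and the message has not been explicitly disabled.
    if ipv6 and logging_on and not msg_off:
        findings["syslog_302015_ipv6"] = ipv6 + logging_on
    return findings


def report(name, text):
    """Format the audit result for one configuration as readable lines."""
    out = [f"== {name} =="]
    for check, evidence in audit(text).items():
        status = "PRESENT" if evidence else "not found"
        out.append(f"{check:20s} {status}")
        out.extend(f"    {line}" for line in evidence)
    return "\n".join(out)


if __name__ == "__main__":
    print(report("SAMPLE_A", SAMPLE_A))
    print(report("SAMPLE_B", SAMPLE_B))
```
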
Article from: <a href="http://www.ciscozine.com/2011/12/02/october-2011-ten-cisco-vulnerabilities/">http://www.ciscozine.com/2011/12/02/october-2011-ten-cisco-vulnerabilities/</a></div>Posted by Johncrackernet<br />
<br />
<b>Using Google as Malware Spreading Technique</b><br />
Published: 2011-12-06T08:35:00.000-08:00<br />
<br />
Exploit Database released a whitepaper called Using Google as Malware Spreading Technique. Malware distributors spread their programs by using search engine optimization (SEO) techniques, such as link farming, keyword stuffing, and abusing search algorithms. You can refer to this paper:<br />
<a href="http://www.exploit-db.com/download_pdf/18206">http://www.exploit-db.com/download_pdf/18206</a><br />
Posted by Johncrackernet<br />
<br />
<b>Hacker attack Google, Gmail, YouTube, Yahoo, Apple, Microsoft, Hotmail</b><br />
Published: 2011-12-06T08:23:00.000-08:00<br />
<br />
<div>The biggest are down!!! A hacker with the nickname AlpHaNiX attacked Google, Gmail, YouTube, Yahoo, Apple, etc. All of the hacked websites are on the .cd domain, which belongs to the Democratic Republic of the Congo. The hacker used a technique called DNS cache poisoning.</div><div>Hacked websites: http://apple.cd/, http://yahoo.cd/, http://gmail.cd/, http://google.cd/, http://youtube.cd/, http://linux.cd/, http://samsung.cd/, http://hotmail.cd/, http://microsoft.cd/</div><div>DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data that did not originate from authoritative DNS sources is introduced into a DNS name server's cache database. It may be the result of a deliberate, maliciously crafted attack on a name server.</div><div>For details, please refer here:</div><div><a href="http://security.web-center.si/?p=161">http://security.web-center.si/?p=161</a></div>Posted by Johncrackernet<br />
<br />
<b>Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm</b><br />
Published: 2011-11-10T05:19:00.000-08:00<br />
<br />
Security holes in the computer systems of federal prisons in the United States can effectively allow hackers to trigger a jailbreak by remote control. The discovery of the Stuxnet worm has alerted governments around the world about the possibility of industrial control systems being targeted by hackers.<br />
<br />
A team of researchers with John Strauchs, Tiffany Rad and Teague Newman presented their findings at a recent security conference. They said the project wasn't really all that difficult -- it just took a little time, some equipment bought online and a basement workspace. The idea for the research came about from work that Strauchs had done previously.<br />
<br />
"I designed a maximum security prison security system. That is, I did the engineering quite a few years ago and literally on Christmas Eve, the warden of that prison after it was occupied, called me and told me all the doors had popped open, including on death row, which of course sent chills down my spine. So we fixed that problem very quickly. It was a minor technical thing that had to do with the equipment used, but the gist of it was it made me think if that could be done accidentally, what was the extent of what you could do if you did it deliberately?"<br />
<br />
The security systems in most American prisons are run by special computer equipment called industrial control systems, or ICS. They are also used to control power plants, water treatment facilities and other critical national infrastructure. ICS has increasingly been targeted by hackers because an attack on one such system successfully sabotaged Iran’s nuclear program in 2009. A malicious cyber-intruder could “destroy the doors,” by overloading the electrical system that controls them, locking them permanently open, said Mr. Strauchs, now a consultant who has designed security systems for dozens of state and federal prisons.<br />
<br />
The U.S. Department of Homeland Security has confirmed the validity of their results and the researchers have already demonstrated the attack to federal and state Bureaus of Prisons and a number of federal agencies.<br />
<br />
Source: <a href="http://thehackernews.com/2011/11/computerized-prison-doors-hacked-with.html">http://thehackernews.com/2011/11/computerized-prison-doors-hacked-with.html</a><br />
Posted by Johncrackernet<br />
<br />
<b>Sqlninja 0.2.6</b><br />
Published: 2011-11-10T04:33:00.000-08:00<br />
<br />
Sqlninja 0.2.6 "bunga bunga edition" is available! I have been extremely lazy in the last few months or so, and the new job is not really helping me in finding time and motivation to work much on this little old pet project of mine. However, the new version is finally ready! It is basically an official release with all the new features that have been in the SVN for a while (most of them for almost 1 year, ouch). More specifically:<br />
ICMP-based shell (thanks Nico!)<br />
CVE-2010-0232 support to escalate the sqlservr.exe process to SYSTEM (greetz Tavis!)<br />
Header-based injection support<br />
Grab it from the Download page and please report any bug you find :)<br />
<a href="http://sqlninja.sourceforge.net/download.html">http://sqlninja.sourceforge.net/download.html</a><br />
<br />
Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3. There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.<br />
<br />
Here’s what it does:<br />
<ul><li>Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)</li>
<li>Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)</li>
<li>Privilege escalation to sysadmin group if 'sa' password has been found</li>
<li>Creation of a custom xp_cmdshell if the original one has been removed</li>
<li>Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)</li>
<li>TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell</li>
<li>Direct and reverse bindshell, both TCP and UDP</li>
<li>ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box</li>
<li>DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)</li>
<li>Evasion techniques to confuse a few IDS/IPS/WAF</li>
<li>Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection</li>
<li>Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping</li>
<li>Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM</li>
</ul>Posted by Johncrackernet<br />
<br />
<b>Let us stop with the buzz on TOR</b><br />
Published: 2011-11-08T19:32:00.000-08:00<br />
<br />
Hi to all,<br />
<br />
Since a few weeks a huge buzz has arisen around the TOR security and especially regarding the attack we have designed and experimented. I decided not to react, not to feed the buzz since I do not like it and if controversy may sometimes be constructive, in the present case, things have gone too far: stupid comments on comments from others (on which basis since we have published only a very few things yet?), personal attacks close sometimes to libelling, huge emotions, doubts and fear that may be understood however, collective hysteria...<br />
<br />
However, going on sticking away would in some sense be backing this buzz. It is time to remind that the only possible goal is to have more security, to determine whether really our attack can put seriously TOR security into question and go ahead to try to find solutions to improve. Security is a too serious thing to be only a playground for buzz. Even if -- especially as a former military cryptanalyst -- I do not fully agree on a few conceptual choices in TOR, there must be no doubt for anyone about our will to contribute to the TOR security and this from the very beginning. We must not forget that a few people who use TOR are putting sometimes their life into danger (political opponents, militaries...) for a more democratic and free society. In this respect, we cannot waste a precious time. Up to me, the issue is very clear: there is absolutely no doubt that we need a solution like TOR even if this solution is far from being perfect. But is there such a thing as a perfect solution, especially if you add political and national security issues?<br />
<br />
When I decided to work on TOR -- by mid of 2010 -- I was just interested in the crypto part, looking for some application of the concept of dynamic cryptographic trapdoor that I had imagined a few years ago. So far I could test it only in non public yet real networks. Hence it was not possible to publish anything on those results. So at the beginning, I had nothing against TOR and I still don't.<br />
<br />
When it was clear that TOR could also succumb to this concept, I imagined the attack under the present light of media. If I have a rather good knowledge of network technology, it was not sufficient and I needed to have more skilled guys, especially to find ways to force 3-node routes through compromised nodes with a very high probability. Two of my best students of our N&IS Specialised master, Seun from Nigeria and Leonard from Tanzania -- two really excellent students -- have joined the party in April 2011. They have worked very hard, have done an excellent job both at the academic level and at the operational/technical level. I can say that as a tutor, I am really proud of their work. Of course, for anyone who knows how research works, you never totally start from scratch and Seun and Leonard's first tasks were to establish a bibliography on the existing network approaches used by previous researchers: Murdoch, Evans, Danezis, Pappas, Bendiken... who all have been mentioned in the slides. Then they have developed their own tools/approaches to fit my operational intent. Just as it is required in any research work. And other people doing hacking or research are doing the same.<br />
<br />
We have just done research, serious, good and operational research up to me. We have tested our attack in conditions close to the reality. People will make their own ideas. I decided at that time not to make buzz, just to present this work in hacking conferences. Unfortunately my employer -- an academic institution -- has required from me to present my attack to French journalists. I have accepted since an employer is always right...or you have to resign. But at the very end, I did not really mind: who cares about news published in French in the world? Then things went wrong and the hype created by others has gone too far. The TOR foundation contacted me in a form that was probably not very fair -- to my perception at least -- and myself I have to make a thorough criticism of myself when facing the resulting buzz. After 22 years in the Army (in the French Marine Corps Infantry), I suppose that I have kept a not very flexible and accommodating mind. Sorry for that. We have decided that it was necessary to restore the contact with the TOR foundation and its president Roger Dingledine to go beyond our differences in opinions, views and interpretations and go ahead towards more security in TOR in a more constructive way. Any other end would have been totally irresponsible from Seun and me.<br />
<br />
Our attack works not because the TOR source code has flaws. Once again, it is well-written and in a secure way. It is more related to conceptual issues. We have just analyzed the TOR network at a higher level, by considering it as a critical infrastructure and using large, multi-level and coordinated attacks. Up to me according to personal information, which are confirmed partly on the TOR website, I am convinced that China (especially in 2009 and late 2010) has already tried similar attacks and has been, at least partly successful. Of course we cannot accept that.<br />
<br />
The main problem comes from the fact that
<ul>
<li>the TOR network relies on volunteers which most of the time do not secure their computers. That is dramatic. Just imagine the security nightmare in a big company where every user would be free to choose the operating system, the way to configure it... We will not publish all what we have detected. But be sure that we have seen horrible things as far as security is concerned. In this respect, we think that an overall computer security policy should be enforced and any OR not complying with it should be banned from the network.</li>
<li>TCP is a nightmare as well and this is the main issue. I am not a network expert but I have the feeling that it will be difficult to build more security at that level. We have managed to return a few of the TOR protections against DDoS against TOR itself when considering local, surgical strikes.</li>
<li>But to be honest, being able to force 3-node circuits can be exploited only if there exists a significant part of ORs that have been compromised. So back to the first point.</li>
</ul>
<br />
Up to me there is some hope and technical improvements should be possible. Among many possible ideas, we propose:
<ul>
<li>as an emergency measure, to ban weak ORs that are not secure enough. This requires to make fingerprinting and active auditing what we did actually but only partly for legal reasons.</li>
<li>to add steganography techniques in TOR. Remember that using cryptography focuses attention and hence attacks. Why not a steganographic version of TOR?</li>
<li>to limit, not to say prevent, the installation of dynamic cryptographic backdoors (memory protection by hardware-based virtualization for instance, malicious cryptography techniques to prevent memory tampering, process protection techniques [we have developed a few in our lab]...).</li>
</ul>
Seun intends to dedicate his PhD thesis to the enhancement of the TOR security with innovative propositions. He is just waiting for a PhD grant. We are ready to contribute and to be involved anyway.<br />
<br />
We have sent all source code and slides to the TOR foundation in order to help it to design and release a potentially more secure version of TOR. Recent exchanges with Roger seem to show that somehow our work is considered as significant and was not greatly exaggerated. That is sufficient to us. I let him confirm or not. We will release the source code and data as scheduled on November 10th (right after PacSec 2011) unless the TOR foundation recommends to wait a little bit more. As researchers and hackers we just need our contribution to be recognized. If it has helped finally to take part to the enhancement of overall TOR security, well, we will be proud of that.<br />
<br />
Special thanks to Dragos, Rodrigo and Filipe.<br />
<br />
Eric Filiol & Oluwaseun REMI-OMOSOWON<br />
<br />
Source: <a href="http://cvo-lab.blogspot.com/2011/11/let-us-stop-with-buzz-on-tor.html">http://cvo-lab.blogspot.com/2011/11/let-us-stop-with-buzz-on-tor.html</a><br />
Posted by Johncrackernet<br />
<br />
<b>Metasploit Sighting: Exploiting iPhone</b><br />
Published: 2011-11-08T19:18:00.000-08:00<br />
<br />
<span class="Apple-style-span" style="color: #333333;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 16px;">Many security researchers use the Metasploit Framework for security proof of concepts and demonstrations. The following video shows Charlie Miller, @0xcharlie, using Metasploit's Meterpreter to handle a session from an exploited iPhone. In this video, Charlie navigates the iPhone's file system and downloads files to his local computer. Charlie found a flaw which allowed him to bypass Apple's code signing requirements, which allowed him to run arbitrary code on the iPhone.</span></span><br />
<span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="Apple-style-span" style="line-height: 16px;"><br />
</span></span><br />
<span class="Apple-style-span" style="background-color: #f5faf0; color: #333333; font-family: Arial; line-height: 16px; text-align: left;">To see the video, please go to this link:</span><br />
<a href="https://community.rapid7.com/community/metasploit/blog/2011/11/08/metasploit-framework-sighting-exploiting-iphone">https://community.rapid7.com/community/metasploit/blog/2011/11/08/metasploit-framework-sighting-exploiting-iphone</a><br />
Posted by Johncrackernet<br />
<br />
<b>Toolkit cracks encrypted information on iOS 5 devices</b><br />
Published: 2011-11-01T20:30:00.000-07:00<br />
<br />
ElcomSoft updated the iOS Forensic Toolkit with iOS 5 support for recovering keychain information in iOS 5 devices.<br />
<br />
Providing near-instant forensic access to encrypted information stored
in the latest iPhone and iPad devices, iOS Forensic Toolkit enables
access to protected file system dumps extracted from supported Apple
devices even if the original device passcode is unknown.<br />
<br />
By performing a physical acquisition analysis of the device itself, the
toolkit offers instant access to all protected information including SMS
and email messages, call history, contacts and organizer data, Web
browsing history, voicemail and email accounts and settings, stored
logins and passwords, geolocation history and the original plain-text
user passcode.<br />
<br />
The tool can also perform logical acquisition of iOS devices, or provide forensic access to encrypted iOS file system dumps.<br />
<br />
The toolkit can acquire a 16-Gb iPhone 4 in about 20 minutes, or a 32-Gb version in 40 minutes.<br />
<br />
With the release of iOS 5, Apple made some minor tweaks and some major
changes to data encryption. “There was no break-through in the iOS
security model”, says Andrey Belenko, ElcomSoft leading developer. “The
architectural changes are more of an evolution of the existing model.
However, we highly welcome these changes, as they present better
security to the end user. In particular, the number of keychain items
that can be decrypted without the passkey is now less than it used to
be. Device passcode is one of the hallmarks of Apple’s security model,
and they are expanding the use of it to cover more data than ever
before.”<br />
<br />
The Toolkit currently supports the following iOS devices:<br />
<ul>
<li>iPhone 3G</li>
<li>iPhone 3GS</li>
<li>iPhone 4 (GSM and CDMA models)</li>
<li>iPod Touch (3rd and 4th generations)</li>
<li>iPad (1st generation only).</li>
</ul>
<u>Read Full Article </u><br />
https://www.net-security.org/secworld.php?id=11867 <br />
<br />
<u>Information about toolkit </u><br />
http://www.elcomsoft.com/eift.html<br />
Posted by Anonymous<br />
<br />
<b>Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released</b><br />
Published: 2011-11-01T20:15:00.001-07:00<br />
<br />
This VirtualBox-ready VM includes the latest Android malware analysis tools as follows:<br />
<ul>
<li>Androguard</li>
<li>Android sdk/ndk</li>
<li>APKInspector</li>
<li>Apktool</li>
<li>Axmlprinter</li>
<li>Ded</li>
<li>Dex2jar</li>
<li>DroidBox</li>
<li>Jad</li>
<li>Smali/Baksmali</li>
</ul>
A.R.E. is freely available from <a href="http://redmine.honeynet.org/projects/are/wiki">http://redmine.honeynet.org/projects/are/wiki</a><br />
Posted by Anonymous<br />
<br />
<b>THC SSL DOS</b><br />
Published: 2011-10-31T23:39:00.000-07:00<br />
<br />
Today the German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.<br />
<br />
Technical details can be found at http://www.thc.org/thc-ssl-dos.<br />
<br />
“We decided to make the official release after realizing that this tool leaked to the public a couple of months ago” said a member of THC who wants to remain anonymous.<br />
<br />
The tool departs from traditional DDoS tools: It does not require any bandwidth and just a single attack computer (“bot”).<br />
<br />
“We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century,” says a THC member, referring to 3 major vulnerabilities disclosed in SSL over the past 3 years.<br />
<br />
Read full article:<br />
<a href="http://thehackerschoice.wordpress.com/2011/10/24/thc-ssl-dos/">http://thehackerschoice.wordpress.com/2011/10/24/thc-ssl-dos/</a><br />
<br />
To download:<br />
<a href="http://www.thc.org/thc-ssl-dos/">http://www.thc.org/thc-ssl-dos/</a><br />
Posted by Johncrackernet<br />
<br />
<b>OWASP Mantra Security Toolkit - 3rd Beta</b><br />
Published: 2011-10-12T02:31:00.000-07:00<br />
<br />
<b>Mantra</b> is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. <b>Mantra</b> is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks. <br />
<br />
<b>Mantra</b> is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. <b>Mantra</b> is absolutely free of cost and takes no time for you to set up.<br />
<br />
The third beta of OWASP Mantra Security Toolkit has been released. One of the main features of this version is the multi-language support. Mantra now supports Hindi and Spanish, in addition to English. If you can give us a helping hand by translating Mantra into more languages, feel free to contact us and we will look forward to see you in Team Mantra. This version is based on Firefox 7.0.1 and comes with some new extensions which you will definitely find useful. One of the other changes is renaming the "Ayudha" menu back to "Tools". We all are comfortable with "Tools" and we decided to keep it intact. <br />
Download the file:<br />
<a href="http://www.getmantra.com/download/index.html">http://www.getmantra.com/download/index.html</a><br />
Posted by Johncrackernet<br />
<br />
<b>Backdoor Trojan alleged to have been created and used by German law enforcement authorities</b><br />
Published: 2011-10-12T02:27:00.000-07:00<br />
<br />
Under German law, the police are allowed to use spyware to snoop on suspected criminals – but only under strict guidelines. The spyware must not alter any code on the suspect’s computer and safeguards must be put in place to prevent the Trojan being subverted to include additional functionality.<br />
<br />
The Chaos Computer Club (CCC) has announced the discovery of a backdoor Trojan horse that is capable of spying on online activity such as recording Skype conversations and monitoring online behaviour. The CCC implies that the malware was created for, and is being used by, German law enforcement authorities such as the BKA and LKA.<br />
<br />
Sophos’s analysis of the malware confirms that it has the following functionality:<br />
* The Trojan can eavesdrop on several communication applications - including Skype, MSN Messenger and Yahoo Messenger<br />
* The Trojan can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey<br />
* The Trojan can take JPEG screenshots of what appears on users' screens and record Skype audio calls<br />
* The Trojan attempts to communicate with a remote website<br />
<br />
“While it’s not possible to *prove* who authored the malware, it’s beginning to look more and more likely that the German authorities were involved,” said Graham Cluley, senior technology consultant at Sophos. “The malware targets Windows computers and to become infected, you typically might receive an email containing an attached file, or a link to the web which would then infect the computer. SophosLabs detects all malware that we know about – regardless of who the author might be. So whether this malware is state-sponsored or not, we’ve added protection against this attack.”<br />
<br />
Source: <a href="http://www.securitypark.co.uk/security_article266852.html">SecurityPark</a><br />
Posted by Johncrackernet<br />
<br />
<b>Facebook's URL scanner is vulnerable to cloaking attacks</b><br />
Published: 2011-10-10T22:40:00.000-07:00<br />
<br />
<div class="first">Members of a hacking think-tank called Blackhat Academy claim that Facebook's URL scanning systems can be tricked into thinking malicious pages are clean by using simple content cloaking techniques. </div>Such attacks involve Web pages filtering out requests that come from specific clients and feeding them content that is different from what is displayed to regular users. <br />
Attackers have been using this method to poison search results on Google for years now by serving keyword-filled pages to its indexing robot, but redirecting visitors to malware when they click on the links. However, it turns out that Facebook is also vulnerable to this type of content forging. "Hatter," one of the Blackhat Academy members, provided a live demonstration, which involved posting the URL to a JPEG file on a wall. <br />
Facebook crawled the URL and added a thumbnail image to the wall post, however, clicking on its corresponding link actually redirected users to YouTube. This happened because the destination page was able to identify Facebook's original request and served a JPEG file.<br />
<br />
"While most major sites that allow link submission are vulnerable to this method, sites including Websense, Google+ and Facebook make the requests easily identifiable," the Blackhat Academy hackers said. <br />
"These sites send an initial request to the link in order to store a mirror thumbnail of the image, or a snapshot of the website being linked to. In doing so, many use a custom user agent, or have IP addresses that resolve to a consistent domain name," they explained. <br />
Earlier this week, Facebook signed a partnership with Websense to use the security vendor's cloud-based, real-time Web scanner for malicious URL detection. Blackhat Academy has now provided <a href="http://www.blackhatacademy.org/security101/index.php?title=Facebook#Content_Forgery">proof-of-concept code</a>, which, according to its advisory, can be used to bypass it. <br />
Websense doesn't believe that to be the case. "This is nothing new. We use numerous methodologies and systems to ensure that our analysis of content (in real time) is not manipulated by malware authors, including using IP addresses not attributable to Websense so that malware authors are unaware that it is Websense analyzing the content," the company said. <br />
"Also, the Websense ThreatSeeker Network is fed via an opt-in feedback loop from tens of thousands of customers distributed globally. These IPs are also not attributable to Websense.com. It is because of technologies like this that Facebook chose Websense to provide protection for their growing user base of more than 750 million users," it added. <br />
That could well be true, but it's worth keeping in mind that Websense primarily sells security solutions to businesses and Facebook is usually blocked on many corporate networks. It would be logical to assume that relying on its customers' appliances to scan URLs on the social networking website might not have an immediate impact. <br />
Hatter says that as a security research outfit Blackhat Academy follows responsible disclosure and notified Facebook of the content cloaking issue at the end of July. Despite this, the method still works.<br />
<br />
"We're well aware of the content forgery technique described and have built protections into our systems to account for it," a Facebook spokesman said via email. <br />
"The content returned when we crawl a shared link is only one of many signals we use to combat spam and abuse on Facebook. We know that this content can change between visits, and therefore can't always be trusted, and our systems account for that," he added. <br />
Earlier this year, Facebook signed a partnership with Web of Trust (WOT), an organization that maintains a community-driven spam URL block list. However, it's well-known that blacklisting is not very efficient and there can be a significant window of exposure between the time when a URL starts being spammed and the time when it's flagged by such a system. <br />
At the very least, content cloaking can be a powerful social engineering technique. A link with a .jpg termination accompanied by a thumbnail can look harmless enough to trick a lot of users into clicking on it.<br />
<br />
Facebook and Websense are not the only ones with this problem. Google+ and Digg are also vulnerable to cloaking attacks, but other sites such as Twitter have developed strong protections against them. <br />
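A defender-side check for the cloaking behaviour described above, as an added example that is not part of the original article or of any vendor's scanner: fetch the same link under several client identities and flag it when the crawler's view differs materially from what a browser receives. The client labels, the `video.example` host and the recorded responses are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Observation:
    client: str        # identity used for the fetch (hypothetical labels)
    status: int
    content_type: str
    location: str      # redirect target, "" when there is none
    body: bytes

def media_type(obs):
    return obs.content_type.split(";")[0].strip().lower()

def divergences(crawler, other):
    """Reasons why `other` saw something materially different from the crawler."""
    reasons = []
    if crawler.status // 100 != other.status // 100:
        reasons.append(f"status class {crawler.status} vs {other.status}")
    if media_type(crawler) != media_type(other):
        reasons.append(f"media type {media_type(crawler)!r} vs {media_type(other)!r}")
    c_host = urlsplit(crawler.location).hostname or ""
    o_host = urlsplit(other.location).hostname or ""
    if c_host != o_host:
        reasons.append(f"redirect host {c_host!r} vs {o_host!r}")
    # Bodies are compared only for static media: HTML legitimately changes
    # between visits (ads, tokens), the bytes of an image file should not.
    if media_type(crawler).startswith("image/") and not reasons:
        if crawler.body != other.body:
            reasons.append("same media type but different image bytes")
    return reasons

def cloaking_findings(observations, crawler_label="link-preview-crawler"):
    """Map each non-crawler client to the reasons its view diverged."""
    crawler = next(o for o in observations if o.client == crawler_label)
    return {o.client: r for o in observations
            if o.client != crawler_label and (r := divergences(crawler, o))}

# Constructed observations of one shared link fetched under three identities.
JPEG = b"\xff\xd8\xff\xe0" + b"constructed-image-bytes"
REDIRECT = "https://video.example/watch"
CLOAKED = [
    Observation("link-preview-crawler", 200, "image/jpeg", "", JPEG),
    Observation("desktop-browser", 302, "text/html; charset=utf-8", REDIRECT, b""),
    Observation("mobile-browser", 302, "text/html", REDIRECT, b""),
]
CONSISTENT = [
    Observation("link-preview-crawler", 200, "image/jpeg", "", JPEG),
    Observation("desktop-browser", 200, "Image/JPEG", "", JPEG),
]

if __name__ == "__main__":
    for name, obs in (("cloaked", CLOAKED), ("consistent", CONSISTENT)):
        print(name, cloaking_findings(obs))
```

In practice the non-crawler fetches need to come from addresses and user agents that the origin cannot tie back to the scanner, which is the point Websense makes in its response above.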
<br />
<br />
Source: <a href="http://www.networkworld.com/news/2011/100711-facebooks-url-scanner-is-vulnerable-251737.html">http://www.networkworld.com/news/2011/100711-facebooks-url-scanner-is-vulnerable-251737.html</a><br />
Posted by Johncrackernet<br />
<br />
<b>OWASP Zed Attack Proxy (ZAP) 1.33</b><br />
Published: 2011-10-04T01:03:00.000-07:00<br />
<br />
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. <br />
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. <br />
The current version of ZAP is <strong><a href="http://code.google.com/p/zaproxy/wiki/HelpReleases1_3_3">1.3.3</a></strong><br />
<br />
<strong>For more information about ZAProxy:</strong><br />
<strong style="font-weight: normal;"><a href="http://code.google.com/p/zaproxy/">http://code.google.com/p/zaproxy/</a> </strong><br />
Posted by Johncrackernet