
SANS ISC InfoSec Handlers Diary Blog



Cisco Telnet DoS Vulnerability / Suspicious GIF files being mailed? / Paranoia, the right dosage

Published: 2004-08-27
Last Updated: 2004-08-27 23:22:44 UTC
by Swa Frantzen (Version: 1)
Cisco Telnet DoS Vulnerability

Cisco released an advisory about a vulnerability, advising customers to protect themselves from an actively used technique that blocks network-based administrative connections to their devices.

We released an initial warning this morning, to allow those needing the extra time to plan for this one.

This vulnerability should not affect the data flowing through the router.

Read more:
http://www.cisco.com/en/US/products/products_security_advisory09186a00802acbf6.shtml

Suggested defensive actions:

- upgrade

- filter telnet connections using access control lists

- remove telnet support and switch to ssh (highly recommended anyway)
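
One way to check a saved device configuration against the second and third suggestions, as an added example that is not from the diary or from Cisco's advisory: the script flags `line vty` blocks that still accept telnet or have no inbound `access-class`. The sample configuration is constructed, and treating a missing `transport input` line as telnet-accepting is an assumption about the device's default.

```python
import re

# Constructed sample configuration (not taken from the diary or the advisory).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 0 4
 password 7 <placeholder>
 login
line vty 5 15
 access-class 10 in
 transport input ssh
!
end
"""

def parse_vty_blocks(config):
    """Return {"vty 0 4": [sub-commands], ...} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            # A new 'line' section starts; only vty sections are tracked.
            m = re.match(r"line (vty \d+(?: \d+)?)\s*$", raw)
            current = m.group(1) if m else None
            if current:
                blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any unindented line closes the block
    return blocks

def audit_vty(config):
    """Return a list of (vty range, finding) tuples."""
    findings = []
    for name, cmds in parse_vty_blocks(config).items():
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # Assumption: no explicit 'transport input' means telnet is accepted.
        protocols = transport[-1] if transport else ["all"]
        if {"telnet", "all"} & set(protocols):
            findings.append((name, "telnet accepted"))
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append((name, "no inbound access-class"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_vty(SAMPLE_CONFIG):
        print(f"line {name}: {finding}")
```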

Suspicious GIF files being mailed?

An increasing number of suspicious GIF attachments to email are being reported to us.

The filenames 1.gif and 2.gif seem to be popular, but it looks like the exploit isn't in the GIFs but rather in the body of the message, which tries to download from a website that is currently down.

The reports so far indicate that Outlook warns about ActiveX permissions, but that might not be the case in all instances.

Our best preventive advice would be to disable preview panes in Outlook, keep anti-virus software up to date at all times, and perhaps consider returning email to plain text as much as possible, both when sending and receiving messages.

Paranoia, the right dosage

At the ISC we get all sorts of messages; what stood out to me today was the need for the right level of paranoia.

It seems to be hard for individuals and organizations to have the right dose of paranoia. E.g., when dealing with phishing scams, individuals being targeted could use a lot more paranoia; even security experts every so often could use more paranoia and be warier of things happening to them.

From a security point of view things might lead to a "can't have enough paranoia" statement.

That's where I think we need to disagree, and I think we need to have, even in the information security world, a point where we do trust our suppliers and partners to do the right thing.

The reasoning that leads to too much paranoia often also leads in the information security world to an imbalance between the 3 pillars information security is built on: Confidentiality, Integrity and Availability.
We shouldn't sacrifice all availability for a bit more confidentiality. In the end information security needs to support the business, not cripple it.

I include myself among those sometimes having the wrong level of paranoia, but knowing it allows you to correct it a bit faster.

--

Swa Frantzen