Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog



Nmap 5.50 Released

Published: 2011-01-28
Last Updated: 2011-01-28 21:50:09 UTC
by Guy Bruneau (Version: 1)
1 comment(s)

A new update of one of the handlers' favourite tools was released today. "A primary focus of this release is the Nmap Scripting Engine, which has allowed Nmap to expand up the protocol stack and take network discovery to the next level. Nmap can now query all sorts of application protocols, including web servers, databases, DNS servers, FTP, and now even Gopher servers!"

Check out the change log here for the list of all changes and new features. The new update is available as binary packages for Linux, Mac and Windows, and the source code can also be downloaded here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: Nmap

OpenOffice Security Fixes

Published: 2011-01-28
Last Updated: 2011-01-28 13:04:20 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

OpenOffice.org has released several security bulletins affecting various components of OpenOffice. Some of these security issues may allow a remote unprivileged user to execute arbitrary code.

The following CVEs have been assigned to the list of issues affecting OpenOffice:

CVE-2010-2935, CVE-2010-2936, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-3702, CVE-2010-3704, CVE-2010-4008, CVE-2010-4253, CVE-2010-4494, CVE-2010-4643

The following versions are affected by these bulletins:

- All versions of OpenOffice.org 3 prior to version 3.3
- All versions of OpenOffice.org 2
- OpenOffice.org stated that earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue.

All the bulletins are posted here.
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: OpenOffice

Egypt offline

Published: 2011-01-28
Last Updated: 2011-01-28 09:08:50 UTC
by Mark Hofman (Version: 1)
7 comment(s)

Most of you will be aware that the domestic situation in Egypt is a tad volatile. We certainly do not get into the politics of things; however, one event earlier today bears commenting on, and that is the complete and utter shutdown of all Internet connectivity in Egypt.

Try and resolve any .eg site and you will receive .... nothing. 

To my knowledge this is unprecedented. The mainstream press is reporting that this is mainly because the unrest is being organised using Twitter, SMS and other online services, similar to the events in Iran during the elections last year.

From an IT security perspective, how do you shut down a country? From what I can see, for us external to the country, access to the DNS servers is removed:

dnstracer www.eeaa.gov.eg  

Tracing to www.eeaa.gov.eg[a] 

|___ FRCU.EUN.eg [gov.eg] (193.227.1.1) * * * 
|___ RIP.PSG.COM [gov.eg] (147.28.0.39) 
|     |___ NS2.TEDATA.NET [eeaa.gov.eg] (No IP address)
|      ___ NS1.TEDATA.NET [eeaa.gov.eg] (No IP address) 

So how is access denied to a whole country? BGPMON (http://bgpmon.net/blog/?p=450) reports that close to 3000 routes to Egyptian networks were removed, effectively cutting them off from the Internet. Other articles are reporting that the major service providers went dark, which is easy enough to do, I guess, if you are the government.

Feel free to comment, but please keep comments apolitical. 

Cheers

Mark 
