Threat Level: green Handler on Duty: Deborah Hale

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-11-28 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Fun - data integrity / PHP up to date ? / WINS

Published: 2004-11-28
Last Updated: 2004-11-29 05:39:32 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
Fun ? data integrity

We got a report today that at first look seemed rather unlikely: Target was selling dope and prostitutes. After looking a bit deeper it turns out that the Target storefront is actually running on the Amazon database and that database has a book with ?Marijuana? as title and a VHS with ?Hooker? as title. On the Amazon storefront it looks funny, but on the Target storefront it?s almost hilarious.

It?s impossible for us to check if these items are real books and tapes or not, but it does bring up the subject of data integrity. Normally these things look relatively easy as long as you stay away from partners, vendors and the like. Once you get into them you must start to trust others, just like Amazon trusts its 3rd party vendors and like Target trusts Amazon. The trick isn?t as much ?how do you make sure you talk to the right person?, or that others can?t intercept or change the communication (VPN technology can solve that), but how do you guarantee that the changes you allow them to make are appropriate, fully checked, and that e.g. nobody enters a joke item in between the real ones?

I hope both Amazon and Target will eventually be able to laugh with it themselves.

http://www.target.com/gp/detail.html/?%5Fencoding=UTF8&asin=B00000I1F6


http://www.target.com/gp/detail.html/?%5Fencoding=UTF8&asin=0823916839


http://www.amazon.com/exec/obidos/ASIN/B00000I1F6/


http://www.amazon.com/exec/obidos/ASIN/0823916839/

PHP up to date?

As you read this, the thanksgiving weekend comes slowly to an end, perhaps it?s time to check your PHP version on your web servers, it?s just speculation so far, but fingers are being pointed at old versions of PHP as the weak point of some recent exploits of web sites.

http://www.php.net/

It can't hurt to make sure you're running a current version.
Versions 4.3.9 or 5.0.2 are current.

WINS

There is some activity with irresponsible released exploits against WINS. As a precaution till Microsoft gets a chance to release a patch for it, we can only reiterate the urgent and continued need to make sure you block the unneeded ports in your firewalls (either the XP2 or the corporate firewall). Ports 42, 137-139, 445 both TCP and UDP can be safely blocked for most applications.

So far we doubt this will be a huge thing, but we might be proven wrong. Still the only thing you can do is block the protocols, which you probably already did if you read this.

I?ll be the first to acknowledge that big vendors aren?t easy to get to move in order to release a patch for something you discovered in their product. Take on top of that, their legal and marketing spin once they finally do and most people will get frustrated by the process.

Still that?s no excuse to release attacking details without giving the world a chance to look into it and get ready for that newly created exploit. If the hackers out there are using it, you can?t really claim to have done it yourself, and if you?ve done it all, there?s not really that urgent a need to beat anybody to releasing the details, but an urge to get your 15 minutes of fame. My guess anyway.
Keywords:
0 comment(s)
Diary Archives