Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Sun ONE Messaging Server Vulnerability; Weaknesses in Wireless LAN Session Containment; Credit Card Breach

Published: 2005-06-18
Last Updated: 2005-06-18 19:39:00 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)

Sun ONE Messaging Server Vulnerability



There is a vulnerability reported in Sun ONE Messaging Server (iPlanet Messaging Server) that may allow a remote user to execute arbitrary Javascript on the target user's system that is using Internet Explorer.



Sun is working on a fix. For the details, please refer to:


http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1

Weaknesses in Wireless LAN Session Containment



One of our handlers, Joshua wrote a paper regarding the session containment feature in various WLAN IDS products. Basically, depending on the implementation, an attacker can evade this feature, and can use the traffic to passively identify the WLAN IDS, which is helpful to decide what attacks can be used without being detected by the IDS.



Over the weekend, you can enjoy reading his paper at:


http://www.nwc.com/showArticle.jhtml?articleID=164302965&pgno=9

http://i.cmpnet.com/nc/1612/graphics/SessionContainment_file.pdf

Credit Card Breach



A few readers have submitted the news of a credit card breach that could potentially affect over 40 million card accounts.



Accordingly to the report, although the credit cards were compromised, the cards do not hold personal data such as social security numbers or birth dates and thus personal information are not at risk.

You can read the details at:


http://www.securityfocus.com/news/11219

http://news.com.com/2100-1029_3-5751886.html
Keywords:
0 comment(s)
Diary Archives