InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-11-21

CA BrightStor ARCserve Backup 11.5 remote vulnerability

Published: 2006-11-21
Last Updated: 2006-11-22 16:14:24 UTC
by Jason Lam (Version: 2)

A new remote code execution vulnerability on ARCServe Backup version 11.5 has been released today. The vulnerability exploits the handling of RPC requests on port 6502. There currently is no vendor patch available.

Note: The earlier post about PoC code is found to be for an older ARCServe vulnerability. We do not know of any PoC code at this point.

-------------------
Jason Lam, jason /at/ networksec.org

Keywords:

0 comment(s)

Week of Oracle 0-Day

Published: 2006-11-21
Last Updated: 2006-11-22 15:08:25 UTC
by Jason Lam (Version: 2)

0 comment(s)

Cesar of Argeniss Information Security has announced they will be publishing a 0-day vulnerability each day during a week in December. Looks like the Oracle world will soon get some excitement (Get ready to patch). It would be interesting to see if Oracle would have to deal with these using out of schedule patches.

----------------
Jason Lam, jason /at/ networksec.org

Keywords:

0 comment(s)

Online backup strategy

Published: 2006-11-21
Last Updated: 2006-11-22 00:22:30 UTC
by Jason Lam (Version: 1)

0 comment(s)

Availability is one of the three key aspects of information security, it is also the most often neglected aspect. To safeguard against data lost due to harddisk crashes, backup is absolutely necessary. The backup idea is simple, just make a duplicate copy of the data and store it somewhere safe and ensure you can access the backup data when you need it. This simple idea is actually difficult to implement, cost of backup media and equipment, safe transport of media to the "safe" place, scheduling the backup job regularly, etc.... Things are even worst for home and small business users who have limited knowledge and resource. There are quite a few online storage companies marketing their solution as secure online backup solution. One company even offers 25GB of free storage space for anyone to store their files online.

The online backup vendors seem to all claim themselves as very secure and can protect your data properly. A lot of them simply copy your files via an SSL tunnel to their datacenter and store the file as is. Not sure how you like the idea of some other companies storing your important (sensitive) files and have access to them. I personally dislike that idea a lot and I think data should be encrypted before shipping over to the backup location.

There are some solutions that encrypt the data before shipping it over to the datacenter, making it impossible even for the online storage vendors to read your content (if the client hasn't been backdoor that is). While choosing an online backup vendor, be sure to look for encryption capability, encryption before you send them the data, that is.

Make sure you also periodically check to see if you can retrieve the data (unencrypt the data). For the encryption key, either select something that you can remember real well or have a copy of the key available somewhere. For the forgetful readers, you might want to consider copying the encryption key on a USB key drive and put that in your safety deposit box or other safe location (outside of your primary residence/office).

With the technology available today, backup is real easy and cheap. However, you must do some proper planning to ensure your backup data is safe and sound, most importantly, available when you need them.

You might also want to review our previous stories about backup:

http://isc.sans.org/diary.php?storyid=1589

http://isc.sans.org/diary.php?storyid=702

---------------------------------------
Jason Lam, jason /at/ networksec.org

Keywords:

0 comment(s)

Join us at SANS! SANS SEC401: Security Essentials Bootcamp Style. Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work.