Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog



DSL Reports advise 9,000 accounts were compromised

Published: 2011-04-28
Last Updated: 2011-04-28 23:11:40 UTC
by Chris Mohan (Version: 1)
2 comment(s)

 

The web site www.dslreports.com has sent out an email notification that around 9,000 accounts have been compromised.

The site has a write up of the incident here: http://www.dslreports.com/forum/r25793356-site-user-password-intrusion-info

 

Thank you to ISC reader Alan for passing this on.

 

Chris Mohan --- Internet Storm Center Handler on Duty


VMware ESXi 4.1 Security and Firmware Updates

Published: 2011-04-28
Last Updated: 2011-04-28 17:23:27 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

The patch resolves several security issues (CVE-2011-1786, CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021, and CVE-2011-1785) affecting OpenLDAP and KRB5.

The full list of issues fixed with patch ESXi410-201104401-SG is available here [1] and the patch can be downloaded here [2].

[1] http://kb.vmware.com/kb/1035108
[2] http://www.vmware.com/patch/download/
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: ESXi kb1035108 VMWare

McAfee VirusScan Enterprise: False Positive Detection Generic.dx!yxk in DAT 6329

Published: 2011-04-28
Last Updated: 2011-04-28 12:26:24 UTC
by Chris Mohan (Version: 1)
0 comment(s)

 

McAfee Labs have issued an alert that McAfee VirusScan DAT file 6329 is returning a false positive for spsgui.exe. This is impacting SAP telephone connectivity functionality.


McAfee have a workaround for the issue documented in KB71739: https://kc.mcafee.com/corporate/index?page=content&id=KB71739

 

Chris Mohan --- Internet Storm Center Handler on Duty


Gathering and use of location information fears - or is it all a bit too late

Published: 2011-04-28
Last Updated: 2011-04-28 02:25:24 UTC
by Chris Mohan (Version: 1)
7 comment(s)

With all the excitement in the media at the moment about vendors being able to track our every move*, Apple have released a Q&A [1] on what data they actually track on the iPhone.

It's an interesting enough read and may calm the fears of some of being tracked. Or perhaps not.

The Internet Storm Center has published a number of stories on data being collected, in a delightful variety of ingenious ways, then sold to marketers to gain a better insight into how to get the consumer to spend more money. This wealth of information from raw data has huge applications and, as an example, the Dutch Police took the initiative. They bought data from TomTom to place speed traps and cameras [2], which is a very sneaky idea and much more accurate for revenue generation than building them on busy roads. In case you were attempting new land speed records on Dutch roads, all the data purchased was anonymous, so you're safe from the digital arm of the law...

The part of this story that is thought-provoking comes from customer pressure on TomTom to stop doing this. TomTom have agreed and changed their policy on-selling the traffic data.

When many raise their voices in complaint, threaten to leave the service and create negative publicity, does it make a difference to the mega corporations? Or have we simply lost this battle already, as we signed, check-boxed or clicked "agree" on an EULA [3], giving our acceptance to track, monitor, use and sell any data generated?

 I'll leave it up to you to decide if consumer power is one thing that can make a difference once you discover something is tracking your every move.

Of course, if you are constantly updating your location in FourSquare, Facebook, Twitter et al while using your loyalty cards then you may not care in the first place.

[1] http://www.apple.com/pr/library/2011/04/27location_qa.html

 [2] http://www.engadget.com/2011/04/27/tomtom-user-data-sold-to-danish-police-used-to-determine-ideal/

 [3] http://www.webopedia.com/TERM/E/EULA.html

 

*Fancy that - I mean it's not like I'm carrying at least two items that bleat out my location every few seconds that are designed so people can get in contact wherever I am. Plus I pay a small fortune for the privilege to own the lovely, shiny devices - I could be my own privacy's own worst enemy. Hmmm.

Chris Mohan --- Internet Storm Center Handler on Duty


Cisco Security Advisories

Published: 2011-04-28
Last Updated: 2011-04-28 00:11:12 UTC
by Chris Mohan (Version: 1)
0 comment(s)

Two Cisco security advisories have been published: "Multiple Vulnerabilities in Cisco Unified Communications Manager" and "Cisco Wireless LAN Controllers Denial of Service Vulnerability".


The details below have been taken from Cisco's advisories:


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

Document ID: 112878

Advisory ID: cisco-sa-20110427-cucm

Revision 1.0

For Public Release 2011 April 27 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Unified Communications Manager (previously known as Cisco CallManager) contains the following vulnerabilities:

 * Three (3) denial of service (DoS) vulnerabilities that affect Session Initiation Protocol (SIP) services
 * Directory traversal vulnerability
 * Two (2) SQL injection vulnerabilities

Cisco has released free software updates for affected Cisco Unified Communications Manager versions to address the vulnerabilities. A workaround exists only for the SIP DoS vulnerabilities.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml
 

Affected Products
=================

Vulnerable Products
+------------------

The following products are affected by at least one of the vulnerabilities that are described in this advisory:

 * Cisco Unified Communications Manager 6.x
 * Cisco Unified Communications Manager 7.x
 * Cisco Unified Communications Manager 8.x

Note: Cisco Unified Communications Manager version 5.1 reached end of software maintenance on February 13, 2010. Customers who are using Cisco Unified Communications Manager 5.x versions should contact your Cisco support team for assistance in upgrading to a supported version of Cisco Unified Communications Manager.

Products Confirmed Not Vulnerable
+--------------------------------

Cisco Unified Communications Manager version 4.x is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.



Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability


Document ID: 112916

Advisory ID: cisco-sa-20110427-wlc

Revision 1.0

For Public Release 2011 April 27 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of ICMP packets.

Cisco has released free software updates that address this vulnerability.

There are no available workarounds to mitigate this vulnerability.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml
 


Affected Products
=================

Vulnerable Products
+------------------

This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:

 * Cisco 2100 Series Wireless LAN Controllers
 * Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
 * Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
 * Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

   Note: The Cisco NM-AIR-WLC have reached End-of-Life and End-of-Software Maintenance. Please refer to the following document for more information:

   http://www.cisco.com/en/US/prod/collateral/modules/ps2797/prod_end-of-life_notice0900aecd806aeb34.html
 

 

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: Cisco Advisories