Last Updated: 2012-03-01 05:10:08 UTC
by Russ McRee (Version: 1)
Cisco has issued five security advisories today, including:
- Cisco Cius Denial of Service Vulnerability
- Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities
- Multiple Vulnerabilities in Cisco Unity Connection
- Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
Adverse conditions include DoS, directory traversal, command injection, unauthenticated upload, privilege escalation, and protocol manipulation. Test and update as appropriate.
[Update (JBU) ] The "Skinny" vulnerability sounds interesting as it does allow the execution of SQL code on the device. SQL injection via Skinny is certainly an interesting attack vector. Another more serious vulnerability is the configuration access problem and access control bypass in wireless LAN controllers.
Last Updated: 2012-02-29 21:28:53 UTC
by Adam Swanger (Version: 1)
Previously we featured the 404Project https://isc.sans.edu/diary/ISC+Feature+of+the+Week+The+404Project/12415 As we mentioned, the main purpose of this project is to trend the web pages crawlers and automated bots are trying to access.
We've had a good number of submitters add this script to their error page and have been collecting data for a while now. We made a few summary reports to get started trending the information. The project has been moved to its own space but the old pages should still get you to https://isc.sans.edu/404project/.
The summary reports can be viewed at https://isc.sans.edu/404project/reports.html. The page is generated once a day for the previous day's data. The tables have descriptions for each field so I will just list them and summarize here.
- Complete summary totals for the given date
Top 10 Submitted URLs
- Note the percentage is based on the max a particular URL has been submitted meaning if the submissions that particular day have been the most ever, the graphic will be out at 100%
Top 10 User Agents Submitting
- User Agents with counts and unique submitters and URLs
We've also added a couple API interfaces if you'd like to view previous data.
- Each days totals. Accepts date and limit.
- Each days details. Accepts date and limit. (Look for more fields output in the future)
Let us know in the section below if you have suggestion or feedback about these preliminary reports or send us any questions or comments in the contact form at https://isc.sans.edu/contact.html
Adam Swanger, Web Developer (GWEB)
Internet Storm Center (http://isc.sans.edu)
Last Updated: 2012-02-29 17:56:22 UTC
by Johannes Ullrich (Version: 1)
Based on submissions from users, and reports posted on twitter, COX appears to experience a major outage affecting it's data services. For VoIP customers, voice service appears to be affected as well.