Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Sun ONE Messaging Server Vulnerability; Weaknesses in Wireless LAN Session Containment; Credit Card Breach - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sun ONE Messaging Server Vulnerability; Weaknesses in Wireless LAN Session Containment; Credit Card Breach

Sun ONE Messaging Server Vulnerability



There is a vulnerability reported in Sun ONE Messaging Server (iPlanet Messaging Server) that may allow a remote user to execute arbitrary Javascript on the target user's system that is using Internet Explorer.



Sun is working on a fix. For the details, please refer to:


http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1

Weaknesses in Wireless LAN Session Containment



One of our handlers, Joshua wrote a paper regarding the session containment feature in various WLAN IDS products. Basically, depending on the implementation, an attacker can evade this feature, and can use the traffic to passively identify the WLAN IDS, which is helpful to decide what attacks can be used without being detected by the IDS.



Over the weekend, you can enjoy reading his paper at:


http://www.nwc.com/showArticle.jhtml?articleID=164302965&pgno=9

http://i.cmpnet.com/nc/1612/graphics/SessionContainment_file.pdf

Credit Card Breach



A few readers have submitted the news of a credit card breach that could potentially affect over 40 million card accounts.



Accordingly to the report, although the credit cards were compromised, the cards do not hold personal data such as social security numbers or birth dates and thus personal information are not at risk.

You can read the details at:


http://www.securityfocus.com/news/11219

http://news.com.com/2100-1029_3-5751886.html
Koon Yaw

68 Posts

Sign Up for Free or Log In to start participating in the conversation!