Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DateAuthorTitle

HP STORAGEWORKS MSA G3 P2000 DEFAULT PASSWORD

2010-12-15Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user

HP

2014-09-19/a>Guy BruneauPHP Fixes Several Bugs in Version 5.4 and 5.5
2014-08-22/a>Richard PorterPHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-22/a>Richard PorterPHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-16/a>Lenny ZeltserWeb Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-04-04/a>Stephen HallPHP 5.4.27 released
2014-03-27/a>Alex StanfordMass XSSodus in PHP
2013-10-25/a>Johannes UllrichPHP.net compromise aftermath: Why Code Signing Beats Hashes
2013-10-24/a>Johannes UllrichFalse Positive: php.net Malware Alert
2013-09-19/a>Bojan ZdrnjaArrays in requests, PHP and DedeCMS
2013-08-11/a>Bojan ZdrnjaXATattacks (attacks on xat.com)
2013-08-04/a>Johannes UllrichBBCode tag "[php]" used to inject php code
2013-06-07/a>Daniel WesemannPHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-27/a>Tony CarothersHP JetDirect Vulnerabilities Discussed
2013-01-17/a>Russ McReePHP 5.4.11 and PHP 5.3.21 released
2012-09-19/a>Russ McReeScript kiddie scavenging with Shellbot.S
2012-06-14/a>Johannes UllrichPHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow
2012-05-08/a>Kevin ListonPHP 5.4.3 and PHP 5.3.13 Released
2012-04-12/a>Guy BruneauHP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-04-05/a>Johannes UllrichEvil hides everywhere: Web Application Exploits in Headers
2012-03-07/a>Johannes UllrichWhat happened to RFI attacks?
2012-02-16/a>Johannes UllrichAdobe Flash Player Update
2012-02-07/a>Johannes UllrichSecure E-Mail Access
2012-02-03/a>Guy BruneauPHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1
2012-02-03/a>Johannes UllrichCritical PHP bug patched
2012-01-16/a>Kevin Shorttphp 5.3.9 released -Jan-10-2011
2012-01-12/a>Rob VandenBrinkPHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-11-29/a>John BambenekHacking HP Printers for Fun and Profit
2011-08-22/a>Jim ClausingDO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/
2011-08-18/a>Rob VandenBrinkPHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1
2011-03-07/a>Johannes UllrichOutbound SSH Traffic from HP Virtual Connect Blades
2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user
2010-08-31/a>Bojan ZdrnjaInteresting PHP injection
2010-08-10/a>Daniel WesemannSSH - new brute force tool?
2010-07-04/a>Manuel Humberto Santander PelaezInteresting analysis of the PHP SplObjectStorage Vulnerability
2010-06-14/a>Manuel Humberto Santander PelaezAnother way to get protection for application-level attacks
2010-05-23/a>Manuel Humberto Santander Pelaeze-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-02-27/a>Guy BruneauPHP 5.2.13 Security Update
2010-01-29/a>Johannes UllrichAnalyzing isc.sans.org weblogs, part 2, RFI attacks
2009-12-28/a>Johannes Ullrich8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-11-20/a>Mark Hofman PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related.
2009-08-01/a>Deborah HaleWebsite Warnings
2009-06-26/a>Mark HofmanPHPMYADMIN scans
2009-06-24/a>Kyle HaugsnessExploit tools are publicly available for phpMyAdmin
2009-06-21/a>Scott FendleyphpMyAdmin Scans
2009-04-07/a>Johannes UllrichCommon Apache Misconception
2009-02-06/a>Adrien de BeaupreTime to patch your HP printers
2009-02-03/a>Swa FrantzenOn the importance of patching fast
2008-12-10/a>Stephen HallPHP Group has released PHP version 5.2.8
2008-09-09/a>Swa Frantzenwordpress upgrade
2008-08-19/a>Johannes UllrichA morning stroll through my web logs
2008-05-05/a>John BambenekPHP 5.2.6 out w/ security updates
2008-04-07/a>John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2006-12-24/a>Swa FrantzenphpBB 2.0.22 - upgrade time
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple
2006-09-13/a>Swa FrantzenPHP - shared hosters, take note.

STORAGEWORKS

2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user

MSA

2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user

G3

2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user

P2000

2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user

DEFAULT

2013-03-05/a>Mark HofmanIPv6 Focus Month: Device Defaults
2011-05-30/a>Johannes UllrichAllied Telesis Passwords Leaked
2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user

PASSWORD

2014-09-19/a>Guy BruneauAdded today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22/a>Richard PorterOCLHashCat 1.30 Released
2014-08-06/a>Johannes UllrichAll Passwords have been lost: What's next?
2014-05-22/a>Rob VandenBrinkAnother Site Breached - Time to Change your Passwords! (If you can that is)
2013-11-22/a>Rick WannerTales of Password Reuse
2013-07-21/a>Guy BruneauUbuntu Forums Security Breach
2013-06-11/a>Swa FrantzenStore passwords the right way in your application
2013-05-14/a>Jim ClausingSo what passwords are those ssh scanners trying?
2013-03-18/a>Kevin ShorttCisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-01-18/a>Russ McReeInteresting reads for Friday 18 JAN 2013
2013-01-04/a>Daniel WesemannBlue for Reset?
2012-11-15/a>Jim ClausingAnother month another password disclosure breach
2012-07-16/a>Jim ClausingAn analysis of the Yahoo! passwords
2012-06-06/a>Jim ClausingPotential leak of 6.5+ million LinkedIn password hashes
2012-05-22/a>Johannes Ullrichnmap 6 released
2012-01-03/a>Rick WannerAnalysis of the Stratfor Password List
2011-10-10/a>Tom ListonWhat's In A Name?
2011-08-10/a>Johannes UllrichTheoretical and Practical Password Entropy
2011-06-28/a>Johannes UllrichHashing Passwords
2011-05-30/a>Johannes UllrichAllied Telesis Passwords Leaked
2010-12-28/a>John BambenekMozilla Notifies of Relatively Minor Security Breach
2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user
2010-12-13/a>Deborah HaleGawker Media Breach of Security
2010-11-26/a>Mark HofmanUsing password cracking as metric/indicator for the organisation's security posture
2010-08-27/a>Mark HofmanFTP Brute Password guessing attacks
2010-02-25/a>Chris CarboniPass The Hash
2010-02-02/a>Johannes UllrichTwitter Mass Password Reset due to Phishing
2009-12-04/a>Daniel WesemannThe economics of security advice (MSFT research paper)
2009-11-02/a>Daniel WesemannPassword rules: Change them every 25 years
2009-10-23/a>Johannes UllrichLittle new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2008-09-22/a>Jim ClausingLessons learned from the Palin (and other) account hijacks