Your daily source of Pwnage, Policy and Politics.


ISD Episode 34 – Going Solo

InfoSec Podcast Episode 34 for December 23, 2009.  Due to the rest of the crew having prior commitments, I’ll be going solo tonight.  If nothing else, at least the podcast should finish on time.  We also need to announce that we will not be recording for the remainder of the week, though we will be back on Monday, December 28th.  Sort of apropos, huh.
Sponsors: This podcast is sponsored in part by Webspeedway, your Virtual IT Department.  When your systems are down, as a small or medium-sized business the resulting downtime can have a devastating impact.

Webspeedway specializes in providing proactive solutions to mitigate the risks of downtime, data loss, e-mail viruses and the many other threats to your business systems. Webspeedway provides the services of a Fortune 500 IT department, including 24 x 7 monitoring and on-site support, all at a fraction of the cost of even one employee.

Go to www.webspeedway.com today to learn about their cost-effective IT management solutions for your business.

Announcements:
The Community SANS Atlanta 2010 Spring Schedule has been posted.  There are 5 classes currently being offered, leading off with Scott Moulton’s SEC606.

SEC-606: Drive and Data Recovery Forensics    2/9/10 to 2/13/10
SEC-502: Perimeter Protection In-Depth    2/22/10 to 2/27/10
AUD-507: Auditing Networks, Perimeters, and Systems    3/15/10 to 3/20/10
MGT-512: SANS Security Leadership Essentials For Managers with Knowledge Compression    4/15/10 to 4/21/10
SEC-566: 20 Critical Security Controls – In Depth    5/17/10 to 5/21/10

Register online, by emailing sales@sans.org, or by calling (301) 654-SANS (7267).


Vulnerabilities of Interest:

  1. IBM Tivoli Storage Manager is prone to multiple vulnerabilities, including multiple buffer-overflow issues and multiple unauthorized-access issues.  Exploiting these issues could cause a denial-of-service condition, allow code execution, and give an attacker the ability to read, copy, edit, or delete files on a victim’s computer.  Core Security has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.  A Metasploit exploit module is available.
  2. PHP is subject to an ‘open_basedir’ restriction-bypass vulnerability because of a design error.  This vulnerability could be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, ‘open_basedir’ restrictions are expected to isolate users from each other. PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected. Attackers may exploit this issue by crafting and executing standard PHP code.   Exploits are available in the wild.
  3. HP Operations Manager is subject to a remote unauthorized-access vulnerability that could allow uploading and execution of code with SYSTEM-level permissions.  Operations Manager 8.1 for Windows is vulnerable; other versions may also be vulnerable.  Attackers can use readily available tools to exploit this issue.  Core Security has a working commercial exploit for its CORE IMPACT product.   Additionally, a working commercial exploit is available through the VUPEN Security Exploit and PoCs Service.
  4. The JEEMA Article Collection component for Joomla! is subject to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could result in a compromise of the application and in access to or modification of data in the underlying database. URL example: http://www.example.com/index.php?view=longview&catid=null/**/union/**/select/**/concat(username,0x3a,password),2/**/from/**/jos_users&Itemid=107&option=com_jeemaarticlecollection
  5. Simple PHP Blog is subject to a local file-include vulnerability because it fails to properly sanitize user-supplied input.  This can be leveraged to obtain potentially sensitive information or to execute local scripts in the context of the webserver process.  Additionally, this may allow a compromise of the application and the underlying computer; other attacks are also possible.  Simple PHP Blog 0.5.1 is vulnerable; other versions may also be affected. Exploit code is available in the wild.
News Items of Interest:

News item 1: http://online.wsj.com/article/SB126102247889095011.html?mod=googlenews_wsj
The Wall Street Journal is reporting the insurgents in Iraq have been able to use $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones.  U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s.

News item 2: http://blogs.computerworld.com/15234/google_ceo_if_you_want_privacy_do_you_have_something_to_hide
Apparently, Google CEO Eric Schmidt said while appearing on CNBC: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”  This suggests that folks seeking privacy might not want to look to the Internet to find it.

EFF’s Richard Esguerra reminds us why we should care:

Schmidt’s statement makes it seem as if Google … is not even concerned enough to understand basic lessons about privacy and why it’s important. … Schmidt’s statement is painfully similar to the tired adage of pro-surveillance advocates that incorrectly presume that privacy’s only function is to obscure lawbreaking: “If you’ve done nothing wrong, you’ve got nothing to worry about.”

News item 3:  http://news.cnet.com/8301-13506_3-10416383-17.html?part=rss&subj=news&tag=2547-1_3-0-20

Career site Glassdoor.com has announced the employees’ choice awards for the top 50 best places to work. No tech companies made the top five, but according to Glassdoor, Southwest Airlines, General Mills, Slalom Consulting, Bain & Co., and McKinsey & Co. were the best places to work this year. Only General Mills and Bain & Co. were in the top five last year.

On the tech side, it was enterprise-solution provider Juniper Networks that led the way for the industry, placing 10th in the list with a 3.9 (out of 5) company rating from employees. Google placed 14th with a 3.9 rating, followed by NetApp, which also received a 3.9 rating. Last year, Google was ranked seventh on the list. NetApp was ranked 10th.

Some other tech notables from the list: Apple placed 22nd with a 3.8 company rating, which is a little lower than last year’s 19th place. Online career site CareerBuilder took the 26th spot with a 3.7 rating. The site experienced a steep decline, dropping eight spots from its 2008 ranking of 18th.

Companies that have offices in Atlanta:

News item 4: http://www.heraldtribune.com/article/20091223/ARTICLE/912231066?Title=U-S-faces-shortage-of-cyber-defenders

Apparently the federal government is struggling to fill a growing demand for skilled computer-security workers, from technicians to policy-makers, at a time when network attacks are rising in frequency and sophistication.

Demand is so intense that it has sparked a bidding war among agencies and contractors for a small pool of special talent: skilled technicians with security clearances. Their scarcity is driving up salaries, depriving agencies of skills, and in some cases affecting project quality.

News item 5: http://www.examiner.com/x-3693-NY-Internet-Examiner~y2009m12d23-Hackers-and-Spammers-Exploiting-Brittany-Murphys-Death?cid=channel-rss-Gadgets_and_Tech

The Examiner is reporting that less than 24 hours after actress Brittany Murphy’s sudden death, hackers and spammers had already begun using her name in poisoned search results and spam messages. They used SEO techniques to move their malicious links to the top of the search results for her name and for keywords related to her and her death. When clicked, the links led to sites that attempted to download fake anti-virus software onto the visitor’s computer.

News item 6: http://www.networkworld.com/community/node/49237

Network World has an article on the Obama appointment of Howard Schmidt to become the nation’s first Cybersecurity Coordinator. Schmidt will report to the National Security Council (NSC) and the National Economic Council (NEC).

The article asks whether Schmidt is the right person for this job. They state that Schmidt has experience at US-CERT, DHS, the U.S. Air Force, the White House, Microsoft, and eBay. He is also a well-respected father figure in the security industry.  The article goes on to state that Schmidt must begin to address several major challenges, such as:

1. Sophisticated adversaries. On the day that Schmidt was announced, the major security story centered on a multi-million dollar cybersecurity attack of Citigroup last summer. Citigroup is no security lightweight so if its systems can be compromised there are a lot of sitting ducks out there. Cyberwar is a real threat in the next decade.

2. A cybersecurity hot potato. As of this writing, there are a number of cybersecurity bills in committee and a lot of rhetoric on the Hill. Meanwhile, DHS, DOD, and NSA have complementary and competitive cybersecurity roles that need to be ironed out. There has also been massive spending on cybersecurity — some useful and some wasteful. We desperately need a non-elected leader to separate cybersecurity needs from politics and pork.

3. A real lack of knowledge. Cybersecurity knowledge is in short supply. Business guys know they need to do something but are unsure what to do. Technologists often look at security in myopic terms related to IT. Consumers haven’t a clue. We need a federally-driven education program that spans public awareness campaigns all the way through scholarships and continuing education.

DC404 Meeting report:
While at the DC404 meeting on Saturday, we were privileged to have Nick Owen, CEO of WiKID Systems, discuss his company’s product.   Nick began by giving us an overview of how WiKID works.  The user selects the domain they wish to use and enters their PIN into the WiKID two-factor client, which encrypts it with the WiKID Server’s public key, assuring that only that server can decrypt it with its private key. If the server can decrypt the PIN, the PIN is correct, and the account is active, it generates a one-time passcode (OTP) and encrypts it with the client’s public key. The user then enters their username and the OTP into whatever service they are using (a VPN, for example), which forwards them to the WiKID Server for validation.

He then touched on the operating systems WiKID supports, which include Windows, Mac, Linux, J2ME, PocketPC/SmartPhone/Windows Mobile and BlackBerry.  Finally, he discussed the network clients that WiKID supports, such as RADIUS, LDAP, and SSL via both a Java bean and a COM object.  He also indicated that they have plug-ins for Juniper (formerly Funk) Steel-Belted Radius and Citrix Web Interface.

Overall, WiKID looked interesting and is probably something that we should look into.
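The exchange Nick described, modelled as an added Go example (not WiKID’s own code): the client seals its PIN to the server’s public key, the server checks the PIN and account status before issuing an OTP sealed to the client’s public key, and the relying service forwards username plus OTP for validation. The account layout, the 8-hex-digit passcode format and the use of RSA-OAEP as the asymmetric primitive are assumptions; the real product’s message formats and key handling are not described in the notes.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// account is the server-side record for one enrolled user (constructed layout).
type account struct {
	pin, otp string         // enrolled PIN; outstanding one-time passcode ("" = none)
	active   bool
	pub      *rsa.PublicKey // client's public key, registered at enrollment
}

type server struct {
	key      *rsa.PrivateKey
	accounts map[string]*account
}

// seal encrypts m so that only the holder of the matching private key can read it.
func seal(pub *rsa.PublicKey, m []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m, nil)
}

// RequestOTP takes the PIN sealed to the server's key; a correct PIN on an
// active account yields a fresh OTP sealed to that client's public key.
func (s *server) RequestOTP(user string, ctPin []byte) ([]byte, error) {
	a, ok := s.accounts[user]
	pin, err := rsa.DecryptOAEP(sha256.New(), nil, s.key, ctPin, nil)
	if !ok || !a.active || err != nil || string(pin) != a.pin {
		return nil, errors.New("PIN or account rejected")
	}
	raw := make([]byte, 4)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	a.otp = hex.EncodeToString(raw) // passcode format is our own choice here
	return seal(a.pub, []byte(a.otp))
}

// Validate is called by the relying service (e.g. a VPN) with what the user
// typed; the passcode is consumed on first use, so a replayed OTP is refused.
func (s *server) Validate(user, otp string) bool {
	a, ok := s.accounts[user]
	if !ok || !a.active || a.otp == "" || otp != a.otp {
		return false
	}
	a.otp = ""
	return true
}
```

A production server would also expire an outstanding passcode after a short window; that timer is left out here.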

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.
