01/17/10

Permalink 07:42:29 pm, by Zach Brewer, 90 words
Categories: General Security

New GMail Security

If you have a GMail account, you may have noticed the new "More GMail Security" link recently added by Google. One of the most notable changes is that GMail now forces HTTPS connections at login. This previously was an optional setting (off by default). I for one applaud GMail for making this simple but effective change. Forcing HTTPS prevents sniffing on untrusted networks as well as wireless session hijacking (aka "sidejacking") as discussed at BlackHat Vegas 2007 (Errata Security's Ferret and Hamster tools). Now if other vendors will simply follow suit!

01/15/10

Permalink 08:12:31 pm, by Zach Brewer, 87 words
Categories: Security Advisories, General Security

IE 0-day Used in Attack on Google and Other Companies

Details about the targeted attack on Google (and 34 other firms) now include the use of an IE 0-day (CVE-2010-0249) in addition to known Acrobat vulnerabilities. Microsoft has released a related advisory and public exploit code is now available. This exploit will be increasingly used in drive-by attacks by malware authors. A patch is expected to be available on the next "patch Tuesday" (no out of band patch is expected to be released).

Details:

http://www.microsoft.com/technet/security/advisory/979352.mspx

http://www.securityfocus.com/bid/37815

01/12/10

Permalink 09:10:03 am, by Zach Brewer, 132 words
Categories: Security Advisories, General Security, Mac OS X

Multiple BSD Distributions dtoa.c (pdtoa.c) and 'gdtoa/misc.c' Memory Corruption Vulnerability

Several sources including SecurityFocus and SANS ISC are reporting BSD based distributions and other software, including Mac OSX 10.5 and 10.6, are vulnerable to CVE-2009-0689. The vulnerability is reported as both remotely and locally exploitable and because of the number of products that use these libraries, both the discovery of vulnerable products as well as patching efforts may be extensive.

As of this post, there is no OSX patch currently available for this vulnerability. Keep up to date on all software patches, particularly BSD based operating systems and other software identified in the CVE-2009-0689 security advisory. Additional mitigation procedures and other details will be posted as they become available.

Links:

http://isc.sans.org/diary.html?storyid=7942

http://www.securityfocus.com/bid/35510

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689

Permalink 09:07:50 am, by Fred Parks, 432 words
Categories: Cisco Security Agent

RHEL, CSA, & IPv6 Weirdness

Recently, I was tuning events in a CSA Management Center (version 6.01.117)  coming from a new RHEL5 server and I noticed something odd. Network Access Control rules that were triggering events on the RHEL box were showing IPv6 addresses in the event details even though IPv6 was not in use in this environment. Specifically, the machines initiating the network connections targeted at the RHEL box didn't even have the IPv6 protocol loaded but CSA was still sending back the event with both an IPv6 source and host address. Another odd thing was that there were existing allow rules in place that should have allowed the network traffic to go through based on IPv4 addressing but the agent appeared to ignore those allow rules.

Upon further research, I found that even though the /etc/sysconfig/network file did have the NETWORKING_IPV6=no setting in it, the module for IPv6 was still being loaded by the system. I found a more thorough way of disabling IPv6 on the Red Hat knowledgebase site. After following the instructions below and rebooting the system, my rules started functioning as normal and no more weirdness ensued.

Check out Red Hat KB Article DOC-8711 for more details. Below is an excerpt from that article.

Disabling IPv6 Support Red Hat Enterprise Linux 5
If the following line exists in the /etc/modprobe.conf file, remove it:

alias net-pf-10 ipv6

Add the following line to the /etc/modprobe.conf file:

alias net-pf-10 off

In versions of Red Hat Enterprise Linux before 5.4, add the following line to the /etc/modprobe.conf file:
alias ipv6 off

In Red Hat Enterprise Linux 5.4 and later, add the following line to the /etc/modprobe.conf file:
options ipv6 disable=1

To prevent errors during the network initscript start routine, change the NETWORKING_IPV6 parameter in the /etc/sysconfig/network file to the following:
NETWORKING_IPV6=no

For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:
chkconfig ip6tables off

Once both the alias net-pf-10 off and alias ipv6 off lines are present in the /etc/modprobe.conf file and NETWORKING_IPV6=no is set in the /etc/sysconfig/network file, reboot the system to disable IPv6 support.


Re-enabling IPv6 Support Red Hat Enterprise Linux 5
To re-enable IPv6 on Red Hat Enterprise Linux 5 systems, remove the following lines from the  /etc/modprobe.conf file:

alias net-pf-10 off

alias ipv6 off


Set the following parameter in the /etc/sysconfig/network file:
NETWORKING_IPV6=yes

Re-enable ip6tables by issuing the following command:
chkconfig ip6tables on

You must reboot the system to activate IPv6 support.
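
The post's point is that NETWORKING_IPV6=no alone does not stop the ipv6 module from loading. The script below is an added example (not from the original post or the Red Hat article) that audits the settings listed in the excerpt and checks the loaded-module list. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the RHEL 5 IPv6-disable settings from the excerpt.
# File paths are arguments so the check can run against copies or samples.

# has_line FILE REGEX: succeeds if FILE has a line matching the extended
# regex, ignoring surrounding whitespace (commented-out lines do not match).
has_line() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# audit_ipv6_config MODPROBE_CONF NETWORK_FILE
# Prints one line per problem; returns 0 only if every setting is in place.
audit_ipv6_config() {
    conf=$1 net=$2 rc=0
    if has_line "$conf" 'alias[[:space:]]+net-pf-10[[:space:]]+ipv6'; then
        echo "FAIL: 'alias net-pf-10 ipv6' still present in $conf"; rc=1
    fi
    if ! has_line "$conf" 'alias[[:space:]]+net-pf-10[[:space:]]+off'; then
        echo "FAIL: 'alias net-pf-10 off' missing from $conf"; rc=1
    fi
    # Either form counts: 'alias ipv6 off' (before 5.4) or
    # 'options ipv6 disable=1' (5.4 and later).
    if ! has_line "$conf" '(alias[[:space:]]+ipv6[[:space:]]+off|options[[:space:]]+ipv6[[:space:]]+disable=1)'; then
        echo "FAIL: no 'alias ipv6 off' or 'options ipv6 disable=1' in $conf"; rc=1
    fi
    if ! has_line "$net" 'NETWORKING_IPV6=no'; then
        echo "FAIL: NETWORKING_IPV6=no missing from $net"; rc=1
    fi
    return $rc
}

# ipv6_module_loaded [MODULES_FILE]
# Succeeds if the ipv6 module appears in the loaded-module list.
ipv6_module_loaded() {
    grep -q '^ipv6 ' "${1:-/proc/modules}"
}

# Constructed sample files: NETWORKING_IPV6=no is set, but modprobe.conf
# has not been changed and the module is still listed as loaded.
demo=$(mktemp -d)
printf 'alias eth0 e1000\nalias net-pf-10 ipv6\n' > "$demo/modprobe.conf"
printf 'NETWORKING=yes\nNETWORKING_IPV6=no\n' > "$demo/network"
printf 'ipv6 251393 12 - Live 0xf8a1c000\n' > "$demo/modules"
audit_ipv6_config "$demo/modprobe.conf" "$demo/network" || echo "config incomplete"
ipv6_module_loaded "$demo/modules" && echo "ipv6 module is loaded"
```

On a real host, call `audit_ipv6_config /etc/modprobe.conf /etc/sysconfig/network` and `ipv6_module_loaded` with no argument after the reboot.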


01/11/10

Permalink 06:21:10 pm, by Larry Boggis, 18 words
Categories: Pen Testing, Security Tools

BackTrack 4 Released

BackTrack 4 Final "pwnsauce" has been released.  ISO images and VMWare images are both available.

backtrack-linux blog

backtrack-linux downloads


Priveon, Inc.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.
