Showing posts sorted by relevance for query cisco.

CISCO said IOS XR Software is Vulnerable



Cisco (NSDQ:CSCO) this week issued several new security advisories related to its Content Delivery System Internet Streamer, Web management interfaces, IOS XR Software platform and XR 12000 Series shared port adapters. The updates, dated May 25, are the most recent batch from Cisco since it warned users of vulnerabilities in its Unified Communications Manager and wireless LAN controllers in late April. The updates detail several new vulnerabilities.

According to Cisco, the Cisco Internet Streamer application, which is part of Cisco's Content Delivery System, has a vulnerability in its Web server component that causes the Web server to crash when processing specially crafted URLs. Cisco has issued a free software update to address it; workarounds are not available. The vulnerability affects system software version 2.5.7 or later of Cisco's Internet Streamer application.

Cisco also disclosed vulnerabilities in its RVS4000 four-port Gigabit Security Routers and WRVS4400N Wireless-N Gigabit Security Routers which, according to Cisco, have "several Web interface vulnerabilities that can be exploited by a remote, unauthenticated user." Cisco released software to address each; the affected lines are the Cisco RVS4000 Gigabit Security Router v1 and v2 and the Cisco WRVS4400N Wireless-N Gigabit Security Router v1, v1.1 and v2. Cisco noted that v1 and v1.1 of the WRVS4400N routers previously reached end-of-life and the company will not be making further firmware updates for either.

Also disclosed this week were vulnerabilities in Cisco IOS XR Software releases 3.8.3, 3.8.4 and 3.9.1, whereby an unauthenticated, remote user can trigger them by sending specific IPv4 packets to or through an affected device. Doing so, Cisco noted, could cause the NetIO process to restart and could prompt the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS) or a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router to reload.

Cisco is releasing free Software Maintenance Units to address the problems, which affect any device running those versions of Cisco IOS XR Software with an IPv4 address configured on an interface of a Cisco Line Card or Cisco CRS MSC.

There are more headaches for Cisco IOS XR Software, Cisco said, specifically versions 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2 and 4.1.0. All are affected by a vulnerability in which an unauthenticated, remote user could trigger a reload of a Shared Port Adapter (SPA) interface processor by sending specific IPv4 packets to an affected device. As in the previous advisory, Cisco released free Software Maintenance Units. The vulnerability affects any device running the aforementioned Cisco IOS XR releases with an SPA interface processor installed.

The last of Cisco's May 25 updates is a denial of service (DoS) vulnerability in the SSH application of Cisco IOS XR Software, specifically when SSH version 1 is used. The vulnerability, according to Cisco, results from sshd_lock files that are never removed and eventually consume all available space in the /tmp filesystem. Cisco has released free software updates to address the issue, which affects all unfixed versions of Cisco IOS XR Software on devices configured to accept SSHv1 connections.


Denial of Service Vulnerability in Cisco IOS Software IPv6


Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.
Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
Note:- The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. 


Affected Products:-

Cisco devices that are running an affected version of Cisco IOS Software and configured for IPv6 operation are vulnerable. A device that is running Cisco IOS Software and that has IPv6 enabled will show some interfaces with assigned IPv6 addresses when the show ipv6 interface brief command is executed.
The show ipv6 interface brief command will produce an error message if the version of Cisco IOS Software in use does not support IPv6, or will not show any interfaces with IPv6 address if IPv6 is disabled. The system is not vulnerable in these scenarios.
Sample output of the show ipv6 interface brief command on a system that is configured for IPv6 operation follows:-
router>show ipv6 interface brief 
FastEthernet0/0            [up/up]
    FE80::222:90FF:FEB0:1098
    2001:DB8:2:93::3
    200A:1::1
FastEthernet0/1            [up/up]
    FE80::222:90FF:FEB0:1099
    2001:DB8:2:94::1
Serial0/0/0                [down/down]
    unassigned
Serial0/0/0.4              [down/down]
    unassigned
Serial0/0/0.5              [down/down]
    unassigned
Serial0/0/0.6              [down/down]
    unassigned
Alternatively, the IPv6 protocol is enabled if the interface configuration command ipv6 address <IPv6 address> or ipv6 enable is present in the configuration. Both may be present, as the following example of a vulnerable configuration shows:-
interface FastEthernet0/1
 ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
 ipv6 enable
A device that is running Cisco IOS Software and that has IPv6 enabled on a physical or logical interface is vulnerable even if ipv6 unicast-routing is globally disabled (that is, the device is not routing IPv6 packets).
To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.
The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team

!--- output truncated
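The three checks the advisory describes (the show ipv6 interface brief output, the ipv6 address / ipv6 enable interface commands, and the show version banner) can be scripted so that CLI output captured from many devices is triaged the same way every time. The following Python is an added example and not Cisco's code or part of the advisory: it parses the advisory's own sample output, embedded below as test input, together with a constructed running-config excerpt (the IPv4-only FastEthernet0/3 interface is an addition). It only reports whether IPv6 is enabled and which release is running; whether that release is fixed still has to be looked up in the advisory's release table.

```python
import re

# Constructed test input: the sample output and configuration quoted in the advisory above,
# plus one IPv4-only interface (FastEthernet0/3) added here to show the negative case.
SHOW_IPV6_BRIEF = """\
FastEthernet0/0            [up/up]
    FE80::222:90FF:FEB0:1098
    2001:DB8:2:93::3
    200A:1::1
FastEthernet0/1            [up/up]
    FE80::222:90FF:FEB0:1099
    2001:DB8:2:94::1
Serial0/0/0                [down/down]
    unassigned
"""

RUNNING_CONFIG = """\
interface FastEthernet0/1
 ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
 ipv6 enable
!
interface FastEthernet0/3
 ip address 192.0.2.1 255.255.255.0
!
"""

SHOW_VERSION = """\
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
"""

# Interface sub-commands that enable IPv6 on an interface, per the advisory.
IPV6_ENABLE_RE = re.compile(r"^\s*ipv6 (address|enable)\b")
# Banner shape: "Cisco IOS Software, <platform> Software (<image>), Version <release>, ..."
VERSION_RE = re.compile(r"Cisco IOS Software.*?\(([^)]+)\), Version (\S+?),")


def ipv6_interfaces(show_output):
    """Map interface -> IPv6 addresses from 'show ipv6 interface brief'.

    Returns {} when the output is an IOS error message (command not supported,
    so the image has no IPv6 stack) or when every interface is 'unassigned'.
    """
    result = {}
    current = None
    for line in show_output.splitlines():
        if not line.strip():
            continue
        if line.lstrip().startswith("%"):   # IOS error messages start with '%'
            return {}
        if not line[0].isspace():           # interface name line
            current = line.split()[0]
            result[current] = []
        elif current is not None:           # indented address line
            token = line.strip()
            if token.lower() != "unassigned":
                result[current].append(token)
    return {name: addrs for name, addrs in result.items() if addrs}


def ipv6_enabled_interfaces(running_config):
    """Interfaces whose configuration carries 'ipv6 address' or 'ipv6 enable'."""
    enabled = []
    current = None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif line.startswith("!"):
            current = None
        elif current and IPV6_ENABLE_RE.match(line) and current not in enabled:
            enabled.append(current)
    return enabled


def ios_release(show_version):
    """Image name and release string from the 'show version' banner, or None if not IOS."""
    match = VERSION_RE.search(show_version)
    if not match:
        return None
    return {"image": match.group(1), "release": match.group(2)}


def assess(show_ipv6_brief, running_config, show_version):
    """Combine the three checks into one in-scope / out-of-scope verdict."""
    addressed = ipv6_interfaces(show_ipv6_brief)
    configured = ipv6_enabled_interfaces(running_config)
    release = ios_release(show_version)
    return {
        "is_ios": release is not None,
        "release": release["release"] if release else None,
        "ipv6_enabled": bool(addressed or configured),
        "interfaces": sorted(set(addressed) | set(configured)),
    }


if __name__ == "__main__":
    print(assess(SHOW_IPV6_BRIEF, RUNNING_CONFIG, SHOW_VERSION))
```

The configuration check is kept separate from the show command because the advisory says either is sufficient: an interface with only ipv6 enable has a link-local address and is in scope even though it may look unremarkable, and a device is in scope regardless of whether ipv6 unicast-routing is configured globally.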


-News Source (Cisco)




Cisco and NSS Labs still arguing firewall vulnerability test results


NSS Labs today is expected to say four out of five vendors -- Palo Alto Networks, Juniper, Fortinet and SonicWall -- whose firewall equipment it said was vulnerable to a hacker exploit have corrected the problem. The fifth, Cisco, maintains its ASA firewall isn't susceptible to the exploit known as the "TCP Split Handshake," which lets an attacker remotely fool the firewall into thinking an IP connection is a trusted one behind the firewall.
The discrepancy with Cisco was generated by a NSS Labs report last month that said five firewalls, including one from Cisco, were susceptible to the TCP Split Handshake attack. NSS Labs today will indicate that Cisco has, in its view, failed to remediate its ASA firewall for protection against TCP Split Handshake by default.
Cisco, which from the start has denied NSS Labs' findings, says via a Cisco spokesman that its position "remains unchanged." Cisco does not believe the ASA device is susceptible to the TCP Split Handshake issue, including in its default configuration. Cisco said it is sharing the results of its internal investigations with customers wanting it. Cisco is the leading provider of firewalls on the market today.
"They spent two days in our lab and we showed them everything," says Rick Moy, president of NSS Labs, alluding to two separate visits that Cisco engineers made to work together with NSS Labs staff to test a few different types of ASA firewalls, one provided by Cisco and one bought by NSS Labs. "Their engineers agreed something was going on."
Vik Phatak, NSS Labs chief technology officer, says the crux of the matter, in his view, is that Cisco's approach to having ASA block the TCP Split Handshake relies on "using access-control lists to stop it in some cases. They're relying on customers following their best practices." But Phatak says there are "dozens if not hundreds of use cases" and Cisco ASA is "not stopping the handshake issue by default."
Phatak says setting up the firewall access-control lists in the way Cisco envisions to prevent this attack is not necessarily the type of configuration that would work for all enterprise customers. "It's a workaround," Phatak says about Cisco's approach to the TCP Split Handshake issue.
NSS Labs is expected to detail in its research update how Palo Alto Networks, Juniper, Fortinet and SonicWall have made changes, such as through patching, to prevent the attack by default. Phatak notes that NSS Labs may proceed in the future with more extensive testing of firewalls to determine whether there are any performance issues that arise because of the remediation.


DDoS Vulnerability in Cisco Video Surveillance IP Cameras


Denial of Service Vulnerability found in Cisco Video Surveillance IP Cameras.
According to CISCO:-
A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.
There are no workarounds available to mitigate exploitation of this vulnerability that can be applied on the Cisco Video Surveillance IP Cameras.  Mitigations that can be deployed on Cisco devices within the network are available.
Vulnerable Products:-
Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series are affected by this vulnerability. For Cisco Video Surveillance 2421 and 2500 series IP Cameras, all 1.1.x software releases and releases prior 2.4.0 are affected by this vulnerability. For Cisco Video Surveillance 2600 IP Camera, all software releases before 4.2.0-13 are affected by this vulnerability.
Details:-
The Cisco Video Surveillance IP Cameras are feature-rich digital cameras designed to provide superior performance in a wide variety of video surveillance applications.
Cisco Video Surveillance IP Cameras RTSP Crafted Packet Vulnerability. The Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series of devices are affected by an RTSP TCP crafted-packet denial of service vulnerability that may allow an unauthenticated attacker to cause the device to reload by sending a series of crafted packets. This vulnerability can be exploited from both wired and wireless segments.





Cisco branch networks simplified with cloud-managed WLAN and security


Cisco branch networks are about to get simpler with a cloud-based wireless LAN controller that can manage thousands of access points across hundreds of branch offices, limiting the need for on-site IT staff in the branch office.
At Interop Las Vegas 2011, Cisco Systems announced cloud-based remote network management and centralized security products to address the biggest challenge faced by enterprises with very large WANs: the lack of on-site IT staff at branch offices.
The release includes a wireless LAN controller capable of managing and controlling thousands of access points (APs) across branch offices from a centralized data center. The company also added ScanSafe cloud-based Web security to its Integrated Services Router (ISR) G2 line, which prevents large WAN managers from having to backhaul Internet traffic to headquarters for security.
"Remote troubleshooting has always been a challenge to address [in the branch network]," said Michael Spanbauer, principal analyst with Current Analysis. "The simpler you can make the branch office, the more you can reduce your IT costs."
Cisco cloud-managed wireless LAN
The new Cisco Flex 7500 Series Cloud Controller is a 1 RU wireless LAN controller capable of managing 2,000 wireless LAN access points and 20,000 mobile clients across 500 branches. It is available now at a list price of $47,995. The Flex 7500 supports Layer 2 wireless networking, secure guest access and rogue AP detection, as well as managing up to 50 APs. It does not support Layer 3 roaming and it won't support higher end rich media such as multicast video.
Data traffic is switched locally among the APs in a given branch, so if WAN connectivity is lost and APs can't communicate with the Flex 7500, they can still serve local clients, said Inbar Lasser-Raab, senior marketing director at Cisco.
Many enterprises aim for remote management of expensive wireless LAN controllers locally deployed in larger branch offices that don't have IT staff, Spanbauer said. By consolidating these distributed controllers with a single Flex 7500 in a central data center, a company can reduce both operational and capital expenses, he said. 
"Centralizing the challenging-to-configure hardware ultimately reduces your OpEx, because there's no need to send technicians out to replace or troubleshoot those controllers," he said.
Cisco also announced a new wireless LAN customer at Interop 2011, national retailer Bass Pro Shops, which adopted the new Flex 7500 after beta testing. The retail chain uses the 7500 to manage wireless LAN deployed across 54 stores, each with 35 or more wireless clients, including handheld scanners and wireless printers, as well as its corporate headquarters and distribution facility.
Director of IT Services Steve Marshall started beta testing the Flex 7500 at Bass Pro Shops "because of Cisco's promise that there was added resiliency for the APs and potential costs saving," he said. "We will see savings in new stores as we no longer need local controllers."
Centralized cloud wireless LAN management also means the ability to roll out OS updates across the branches. After all, “if you make one change to this controller, that can go out to a set of 200 branches whether it's security, management or other wireless enhancements,” said IDC analyst Rohit Mehra.
Pushing controller functionality to the cloud is not necessarily a novel approach. Meraki has been a pioneer in the space, offering a subscription-based, wireless LAN cloud controller service, rather than a physical box like Cisco. Aerohive distributes wireless LAN controller functionality across its APs with just its centralized management server, HiveManager.
Cisco also announced at Interop 2011 that ScanSafe Web security will be available in the ISR G2 in July as part of the line's existing security bundle license, which starts at $2,595 per box. Although ScanSafe is a free addition to the ISR security bundle, customers will have to subscribe to the general service in order to take advantage of the ISR feature.
"The vast majority of organizations still backhaul [Internet traffic] to headquarters for security," Lasser-Raab said. "One of the biggest challenges most organizations face is ever-increasing WAN requirements. More are deploying video services."



Cisco Closed Remote Code Execution & DoS Vulnerability in Security Appliances

Networking equipment giant Cisco is warning of a critical vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA). An unauthenticated attacker can remotely execute arbitrary code and compromise a victim's system. The problem is located in a Cisco port forwarding ActiveX control, distributed to client systems by the ASA as part of the Clientless VPN feature, that can be used to cause a buffer overflow. Versions 7.1 and 7.2, as well as 8.0 to 8.6, of the Cisco ASA software are affected. Cisco has contacted Microsoft and requested that it set a global kill bit for the vulnerable control in a future update, which will disable the exploitable control on affected systems. The company has released software updates that address the issue; for those who can't yet upgrade, workarounds are provided in the Cisco security advisory. In the same set of security updates Cisco also closed a denial of service hole in the ASA 5500 Series appliances and the Catalyst 6500 Series ASA Services Module (ASASM).


Juniper rolls out latest Cisco challenge


Juniper Networks this week is rolling out its first dedicated line of enterprise edge routers, a collection of products that borrow technology from the company's powerful service provider routers and that will give customers a new alternative to Cisco ASR gear.
Juniper says the new MX routers allow customers to scale from 20Gbps up to 2.6Tbps via the existing MX960. Juniper claims its differentiators are the single Junos software across this line and most of its other products, straightforward scalability, and some service and support enhancements.
The new products should give Juniper a shot at cutting into Cisco's stronghold in enterprise routers, a market that Dell'Oro Group said was worth $3.3 billion in 2010. Cisco held an 82% share while Juniper was a distant second with a 5.5% share.
Dell'Oro believes a new generation of Juniper enterprise routers based on its 80Gbps MX80 model, which began shipping last year, may accelerate some market share gains. Other analysts agree, though say those gains will not likely be dramatic.
"The hardest area to take business from Cisco is the router space," says Zeus Kerrevala of the Yankee Group. "Cisco has such a lock on the enterprise router space I'm not sure a better mousetrap will make a difference. These will get them some share but it's going to be one step at a time."
Those steps start with the MX5, a 20Gbps router that features 20 Gigabit Ethernet SFP interfaces and a variety of WAN interfaces: four to eight OC-3s, two to eight OC-12s, one to four OC-48s, and eight DS-3s.
In fact, all of these WAN options are shared across the MX line, Juniper says.
The MX10 is a 40Gbps router with two slots for LAN interface modules -- the same 20 Gigabit Ethernet card as the MX5, and a dual 10G Ethernet CFO card. The MX40 is a 60Gbps router that carries the 20 Gigabit Ethernet and dual-port 10G cards, to go along with the two 10G Ethernet ports already integrated into the device.
The new MX routers also include Junos Space Service Now software, which is designed to simplify and automate technical support by eliminating most manual support operations; and J-Web, a Web-based application designed to enable connectivity and management of the devices and reduce onsite support requirements.
All routers are software license upgradeable to support added features and functions, Juniper says.
Cisco's ASR routers, meanwhile, scale from 2.5Gbps for the ASR 1002 to 360Gbps for the ASR 1013. WAN and LAN interface options include two- and four-port channelized and clear channel T-3/E-3; four-port serial interface; eight-port channelized T-1/E-1; four- and eight-port 10/100 Ethernet; two-, five-, eight- and 10-port Gigabit Ethernet; one-port 10 Gigabit Ethernet; and two- and four-port OC-3 packet over SONET (PoS), and one-port OC-12 PoS.
Pricing for the Cisco ASR series starts at $35,000 while Juniper's new MX line starts at $29,500 for the MX5.


CISCO & Intel is Vulnerable To XSS Said Ion (Team Openfire)

A hacker named Ion from Team Openfire has found security holes in the official Cisco developer website and in the Intel® Processors and Boards Compatibility Tool. The hacker claims to have reported the vulnerability to both companies. Having received no positive reply from either, he decided to disclose that the Cisco and Intel websites are vulnerable to non-persistent XSS attacks.

Intel:- 

The screenshot submitted by the hacker clearly shows that Intel was indeed vulnerable to an XSS attack. According to the hacker, the search box of the Intel® Processors and Boards Compatibility Tool was vulnerable to XSS. Intel has since confirmed that the security hole has been patched.

CISCO:-

The hacker also submitted a screenshot clearly showing that Cisco is indeed vulnerable to an XSS attack, and again shared the vulnerable link with us. So far Cisco has not taken this one seriously, and the vulnerability remains unpatched.




CISCO's SQL Injection



VSR independently discovered this SQL injection flaw (CVE-2011-1610)
and reported it to Cisco on November 11, 2010.  Since we had very
limited time to perform testing on the product, and because Cisco
informed us that another researcher had reported the same flaw shortly
before us, we decided not to write a formal advisory.

However, I would like to add some additional technical information for
those who need to test for this flaw to determine if they are
vulnerable.  

During our tests on version 7.1.3.32900-4 of the product, we found
that SQL query errors generated by attacks cause the vulnerable JSP
script to return no records, but does not present any error message.
To confirm the injection existed, the result from the following two
query URLs were compared:

 /ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20--

 /ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20--

The first URL returns a very large record set (likely all user
records) while the second query returns no records.  The only
difference between the two being the order in which '0' and '1' appear
in the query, with the latter generating a divide-by-zero error.  It
is likely that a simpler test case can be developed, but this is what
we came up with during very limited testing.  We did not explore
injections on the l and n parameters.
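For defenders who would rather spot this kind of probing in their web-server logs than run the test themselves, the following Python is an added example, not VSR's or Cisco's code. It parses Common Log Format lines, URL-decodes the f, l and n parameters of requests to /ccmcip/xmldirectorylist.jsp, and scores each value on a few SQL-metacharacter indicators. A single apostrophe (a legitimate surname such as O'Brien) scores below the alert threshold, while the quote-plus-concatenation-plus-tautology shape of the two URLs above scores well above it. The log lines are constructed; the two suspicious requests reuse the test URLs from the post, and the response sizes in them are made up to mirror the large-versus-empty record set the post describes.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Common Log Format lines. Lines 3 and 4 carry the two test URLs quoted in the
# post above; the others are ordinary lookups, including a surname with an apostrophe and
# a request to a different (made-up) path that is outside the detector's scope.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Nov/2010:09:58:01 +0000] "GET /ccmcip/xmldirectorylist.jsp?f=smith&l=&n= HTTP/1.1" 200 2048
10.0.0.6 - - [11/Nov/2010:09:58:30 +0000] "GET /ccmcip/xmldirectorylist.jsp?f=O%27Brien&l=&n= HTTP/1.1" 200 512
10.0.0.9 - - [11/Nov/2010:10:00:00 +0000] "GET /ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20-- HTTP/1.1" 200 98304
10.0.0.9 - - [11/Nov/2010:10:00:02 +0000] "GET /ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20-- HTTP/1.1" 200 140
10.0.0.7 - - [11/Nov/2010:10:01:00 +0000] "GET /ccmcip/other.jsp?f=x'||1=1 HTTP/1.1" 404 64
"""

TARGET_PATH = "/ccmcip/xmldirectorylist.jsp"
PARAMS = ("f", "l", "n")   # the three lookup parameters the post names

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)$')

# (pattern, weight, label): weights are summed per parameter value. A lone
# apostrophe scores 1 and stays below the default threshold of 2.
INDICATORS = [
    (re.compile(r"'"), 1, "quote"),
    (re.compile(r"\|\|"), 1, "concat"),
    (re.compile(r"\bor\b\s+\d+\s*=\s*\d+", re.I), 2, "tautology"),
    (re.compile(r"--|/\*"), 1, "comment"),
    (re.compile(r"\b(union|select)\b", re.I), 2, "keyword"),
]


def parse_line(line):
    """Split one CLF line into its fields, or return None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, when, method, url, status, size = m.groups()
    return {"src": src, "time": when, "method": method, "url": url,
            "status": int(status), "bytes": 0 if size == "-" else int(size)}


def score_value(value):
    """Return (score, [labels]) for one percent-decoded parameter value."""
    score, hits = 0, []
    for pattern, weight, label in INDICATORS:
        if pattern.search(value):
            score += weight
            hits.append(label)
    return score, hits


def flag_requests(lines, threshold=2, path=TARGET_PATH):
    """Requests to `path` whose f/l/n values score at or above `threshold`."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        parts = urlsplit(entry["url"])
        if parts.path != path:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
        for name in PARAMS:
            for value in query.get(name, []):
                score, hits = score_value(value)
                if score >= threshold:
                    findings.append({"src": entry["src"], "time": entry["time"],
                                     "param": name, "value": value,
                                     "score": score, "hits": hits,
                                     "bytes": entry["bytes"]})
    return findings


if __name__ == "__main__":
    for f in flag_requests(SAMPLE_LOG.splitlines()):
        print(f"{f['time']} {f['src']} {f['param']}={f['value']!r} "
              f"score={f['score']} bytes={f['bytes']} {f['hits']}")
```

Scoring on decoded values matters because the interesting characters arrive percent-encoded; matching the raw request line would miss them. The bytes field is carried through so an analyst can see the pattern the post describes (one request from the same source returning a very large response, the next almost nothing), which is a stronger signal than any single request.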


Obama Proposes Cybersecurity Strategy to Replace Passwords


A new cybersecurity strategy will do away with traditional passwords and replace them with an “Identity Ecosystem.”

The new project, The National Strategy for Trusted Identities in Cyberspace (NSTIC), was released by the Obama Administration on April 15. It aims to protect users from identity theft, online fraud, and cybercriminals.

The Identity Ecosystem will offer “interoperable, secure, and reliable credentials” to anyone who wants them. These “credentials” can range from smartphone software, a password-generating token, or a smart card, according to a White House fact sheet on the program.

“We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords,” states the fact sheet. “Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them.”

The proposed strategy is not without its concerns, however, as it could make the government a one-stop-shop for online identity. Jim Fenton, a Distinguished Engineer for Cisco, addressed some of the main concerns in Cisco’s official blog.

According to Fenton, “There is concern that this will lead to a Government-run identity system with extensive surveillance power,” yet the system “should” allow users to have more than one identity “just as they might do business with more than one bank or have more than one credit card or brokerage account.”

The system should also remain secure, despite being centrally-located. He states, “It is true that identity providers are going to need very high security. But this is a risk that we can insure against ...”

He does add, however, that NSTIC leaves some questions unanswered, including details on the system’s business model and how it fits into the government structure.


Google, Yahoo, Microsoft & AOL Jointly Enhancing Agari Anti-Phishing Service


Google, Microsoft, Yahoo, AOL jointly enhancing the Agari anti-phishing service. Google, Microsoft, Yahoo, and AOL are providing metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks. Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure, according to Agari CEO Patrick Peterson.
The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening. "Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo," for instance, Daniel Raskin, vice president of marketing for Agari, told the media in an interview. "They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."
Agari doesn't collect the actual messages, he said. Some e-mail providers will take a message that is failing authentication and provide the malicious URLs in it to Agari to pass on to the company whose name is being used in the phishing messages, Raskin said. "Other than that we don't want to see the content," he said.
Google expects Gmail users to benefit as more mail senders authenticate their messages and implement block policies. "Since 2004 Gmail has supported several authentication standards and developed features to help combat e-mail phishing and fraud," Google Product Manager Adam Dawes said in a statement to. "Proper coordination between senders and receivers is the best way to cut down on the transmission of unauthorized mail, and AGARI's approach helps simplify this process."
Agari, which has been operating in stealth mode since October 2009, rejected more than 1 billion messages across its e-mail partners' networks in a year, according to Peterson, who was with the original management team of e-mail security firm IronPort. IronPort got acquired by Cisco in 2007.  




NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012


NASSCOM-Data Security Council of India (DSCI) announced that the Annual Information Security Summit 2012 will be held on 11-12 December at Taj Lands End, Mumbai. This year the NASSCOM-DSCI Annual Information Security Summit will focus on the national cyber security elements (Framework, Machinery, Responsibility & Operations) for all critical information sectors such as power, energy and finance, where deliberations will take place on operational technologies such as smart grid and industrial control systems, and on the security and privacy imperatives of eCommerce, mCommerce and eGovernance applications and platforms. The Summit will provide an opportunity for focused discussions with government leaders and global experts, who will talk about security ramifications at the global level. Special features such as celebrating the success of women leaders in the field of security, a workshop on the IT Act and the release of DSCI assessment frameworks will also be part of the annual summit. The addition of the DSCI Excellence Awards 2012 for Corporates and LEAs to this year's annual summit will truly make this a platform where India meets for security.

Who Should Attend:-

Organizations:
  • User Organization – Banks, Finance, Telecom, Manufacturing, Energy
  • Government & PSUs
  • Technology & Service Providers
  • Security Product/ Services Companies
  • Academia
Individuals:
  • Business Leaders
  • IT Leadership
  • Security & Privacy Leadership
  • Security Professionals
  • Security Implementer | Administrator | Officer

Participation benefits:
  • Learn about new challenges, threats and vulnerabilities
  • Gain Strategic direction & practical guidance
  • Explore new approaches, practices, technologies and services
  • Discover market developments and get a feel of technology products
  • Discuss on public policies for cyber security and privacy
  • Interact with national, government and global leadership
Agenda:- 
 
Tentative Agenda Topics for Annual Information Security Summit'12

Day 1
Time            Session
0930 to 1015    Inaugural + Key Note
1015 to 1115    National Imperatives of Securing Operational Technologies ... Smart Grids, Oil & Gas, & Public Utilities
1115 to 1140    Tea Break
1140 to 1200    Platinum Session 1 by Verizon
1200 to 1250    Protecting Key Economic Assets, Securing Financial Backbone ... Stock Exchange, Payment Infrastructures & Financial Switches
1250 to 1310    Platinum Session 2 by TCG
1310 to 1415    Lunch Break
1415 to 1430    Special feature
1430 to 1520    Architecting Security for New Age Banking ... Business Models, Technology Transformations & Channel Revolutions in the midst of Organized, Focused, Advanced & Persistent Cyber Threats
1520 to 1540    Special feature by HP
1540 to 1640    Revolution named Clobile, Nightmare for Security? ... Enterprise Mobility, Mobile Apps and Cloud Enablement, Data driven Businesses
1640 to 1700    Tea Break
1700 to 1800    Data driven Businesses – Data reason for Empowerment and Concern ... Big Data, Context Computing & Social Media Computing
1800 to 1900    Networking and Exhibition
1900 to 2030    DSCI Excellence Awards 2012
                  • Corporate
                  • Law Enforcement
2030 onwards    Cocktail Dinner

Day 2
Time            Session
0930 to 1030    Cyber Security, from National Responsibility to Global Accountability ... Cyber diplomacy, converging national and international interests
1030 to 1100    Special Feature by CISCO
1100 to 1130    Tea Break
1130 to 1230    Securing Technology Transformation of Governance ... eGovernance projects, Security Challenges & Solutions
1230 to 1315    Rendezvous with Women Security Leaders: Special Interaction ... Security, Challenges and Opportunities for Women
1315 to 1415    Lunch Break
1415 to 1515    Security Enablement of Growing Electronic & Mobile Commerce ... Rising Volume & Growth of Commerce, Security as Enabler
1515 to 1600    Securing core, edge, access & connect: reappearance of network on agenda of security ... Finding the role of network security: Infrastructure Core, Hyper-extensive organizations, Access complexities, Mobility & External exposures
1600 to 1630    Tea Break
1630 to 1730    Consumer Behaviors and Business Responsibilities in the Information Age ... Responsible Behaviors, Fair Business Practices & Enabling Technologies

To register for the event, click here.

NASA, Stanford Websites Hit by Search Engine Scammers


Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University.

NASA, just a week away from its penultimate space shuttle launch, has now removed dozens of Web pages that popped up on its Jet Propulsion Laboratory website. They were used to flog low-cost versions of Adobe's Creative Suite and other products, according to cached versions of the pages, still viewable on Google.
The scammers loaded up the Web pages with nonsense text (a sample: "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time") and links to many other hacked pages.
Affected sites included those for NASA, Stanford University, Syracuse University and Northeastern University. NASA had cleaned up its site Monday, but others, including Stanford, had not. Visitors to those sites could encounter the hacked pages even if they weren't looking for cheap software.
Jane Platt, a spokeswoman for NASA's Jet Propulsion Laboratory, said the NASA site was safe to visit, but she declined to comment on the hacking incident because NASA's policy "is not to discuss security matters."
Some of the sites seem to have been hacked so that they pop up in the top results when Web surfers are looking for cheap Adobe software.
It looks like the scammers are trying to make money by generating Web traffic for online retailers, said Mary Landesman, a security researcher with Cisco's ScanSafe group. On some of the sites, visitors who arrive following a Google search are automatically redirected to online retailers.
Google awards a higher ranking to Web pages hosted on trusted, high-profile websites, so by hacking NASA and Stanford's pages, the scammers can generate more traffic for their clients and earn themselves more money in referral fees, she said. "Someone searching for cheap Adobe products is more likely to get those results," she said.
This type of search engine poisoning has been around for years. Hackers often use a Web hacking technique called SQL injection to break into websites, but they can also do this by stealing or guessing passwords.
With NASA set to launch the Space Shuttle Endeavour next week, a lot of people are visiting the space agency's website -- something that makes it only more valuable to hackers, according to Chester Wisniewski, a security researcher with Sophos. Although none of the sites examined Monday contained malicious software, that could easily have been the case, Wisniewski said. "If they were to get malicious code inserted into those pages, it could hurt a lot of people," he said.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com
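The mechanics the article describes (pages stuffed with product keywords, links out to many retailer hosts, and a redirect that fires only for visitors arriving from a search engine) are exactly what a site owner can audit their own pages for. The script below is an added example written for this post; it is not code from IDG, Cisco ScanSafe or Sophos, and it is not how any of them detect this. The spam term list, the thresholds and the two sample pages are constructed assumptions for illustration, with the spam page's filler text borrowed from the sample quoted in the article.

```python
"""Heuristic audit for injected search-engine-spam pages (added example, constructed data)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed term list: the product-spam vocabulary described in the article.
# A real deployment would tune this to whatever is being pushed on the site.
SPAM_TERMS = frozenset({"buy", "cheap", "discount", "adobe", "oem", "license"})

# Inline script that reads document.referrer and then touches location:
# the "redirect only visitors who came from a search engine" pattern.
REFERRER_REDIRECT = re.compile(r"document\.referrer.*?location", re.I | re.S)


class _PageStats(HTMLParser):
    """Collect visible text, link targets and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.text_parts, self.links, self.scripts = [], [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies through handle_data as well.
        (self.scripts if self._in_script else self.text_parts).append(data)


def analyze_page(html, site_host, spam_terms=SPAM_TERMS,
                 ratio_threshold=0.08, external_threshold=5):
    """Return indicators of search-engine poisoning for one HTML page.

    site_host is the hostname of the site being audited; links to any other
    host count as external. Both thresholds are illustrative assumptions.
    """
    stats = _PageStats()
    stats.feed(html)

    words = re.findall(r"[a-z0-9]+", " ".join(stats.text_parts).lower())
    spam_hits = sum(1 for w in words if w in spam_terms)
    spam_ratio = spam_hits / len(words) if words else 0.0

    external_hosts = set()
    for href in stats.links:
        host = urlparse(href).hostname
        if host and host != site_host and not host.endswith("." + site_host):
            external_hosts.add(host)

    referrer_redirect = any(REFERRER_REDIRECT.search(s) for s in stats.scripts)

    findings = []
    if spam_ratio >= ratio_threshold:
        findings.append("keyword stuffing")
    if len(external_hosts) >= external_threshold:
        findings.append("many external link targets")
    if referrer_redirect:
        findings.append("referrer-conditional redirect")
    return {"spam_ratio": round(spam_ratio, 3),
            "external_hosts": len(external_hosts),
            "referrer_redirect": referrer_redirect,
            "findings": findings}


# Constructed sample pages; the hostnames are placeholders, not real sites.
SPAM_PAGE = """<html><body>
<p>Edit buy adobe premiere pro cs4 some callouts and balloons to make this
time it took you and saved you a long time</p>
<a href="http://shop1.example/cs4">cheap adobe</a>
<a href="http://shop2.example/">buy</a>
<a href="http://shop3.example/">discount</a>
<a href="http://shop4.example/">adobe</a>
<a href="http://shop5.example/">buy</a>
<script>
if (document.referrer.indexOf("google") != -1) { window.location = "http://shop1.example/"; }
</script>
</body></html>"""

CLEAN_PAGE = """<html><body>
<h1>Mission status</h1>
<p>The spacecraft completed its trajectory correction maneuver on schedule.</p>
<a href="/missions/">Missions</a>
<a href="http://www.example.org/news/">News</a>
<script>console.log("page loaded");</script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("spam", SPAM_PAGE), ("clean", CLEAN_PAGE)):
        print(name, analyze_page(page, "www.example.org"))
```

Run over a crawl of your own site, pages that trip two or more of the three indicators are the ones to pull and compare against the deployed source; the referrer check is the most telling, because legitimate pages rarely branch on where a visitor came from.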
OpenSSL 1.0.0g Released, Denial Of Service (DoS) Vulnerability Fixed


The OpenSSL developers have released versions 1.0.0g and 0.9.8t to address a denial-of-service issue introduced by one of the six fixes included in the versions released earlier this month. The problem was created by the fix for a critical vulnerability in OpenSSL's DTLS (Datagram TLS) implementation, where the CBC (cipher block chaining) encryption mode allowed plaintext recovery. Accordingly, the advisory notes that the DoS flaw only affects users of DTLS applications built on OpenSSL 1.0.0f and 0.9.8s. The developers credit Antonio Martin of Cisco Systems for discovering the bug and preparing the fix.

Brief about OpenSSL:
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

To download the source code, click here.

GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit
We have written about GFI LanGuard before, but with cyber threats on the rise and security researchers continuing to identify new, sophisticated malware, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To address these challenges, GFI Software announced the availability of GFI LanGuard 2012, which the manufacturer claims gives network and system administrators the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So let's take a tour of this product from GFI Software:

Enhanced Features of GFI LanGuard 2012 include:
  • Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
  • Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
  • Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.
GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console, it integrates with more than 1,500 security applications and includes keyword search functionality.

After going through the brief description above, many of you must be excited about this new product. For the information of our readers: yes, GFI LanGuard 2012 is indeed one of the finest tools released in this domain. Detailed information on GFI LanGuard 2012 can be found here. A 30-day trial of GFI LanGuard 2012 has also been made available for download.