CISCO said IOS XR Software is Vulnerable

Cisco (NSDQ:CSCO) this week issued several new security advisories related to its content delivery system Internet streamer, Web management interfaces, IOS XR software platform and XR 12000 series shared port adapters. The updates, dated May 25, are the most recent batch from Cisco since warning users of vulnerabilities in its Unified Communications Manager and wireless LAN controllers in late April. The updates detail several new vulnerabilities. According to Cisco, the Cisco Internet Streamer application, which is part of Cisco's Content Delivery System, has a vulnerability in its Web server component that causes the Web server to crash when processing specially crafted URLs. Cisco has issued a free software update to address it; workarounds are not available. The vulnerability affects system software version 2.5.7 or later on Cisco's Internet Streamer application. Cisco also disclosed vulnerabilities in its RVS4000 four-port Gigabit Security Routers and WRVS4400N Wireless-N Gigabit security routers which, according to Cisco, have "several Web interface vulnerabilities that can be exploited by a remote, unauthenticated user." Cisco released software to address each; affected lines are the Cisco RVS4000 Gigabit Security Router v1 and v2 and the Cisco WRVS4400N Wireless-N Gigabit Security Routers v1, v1.1 and v2. Cisco noted that both v1 and v1.1 of the WRVS4400N routers previously were made end-of-life and the company will not be making further firmware updates to either. Also disclosed this week were vulnerabilities to Cisco IOS XR Software releases 3.8.3, 3.8.4 and 3.9.1, whereby an unauthenticated, remote user can trigger vulnerabilities by sending specific IPv4 packets to or through an affected device. Doing so, Cisco noted, could cause the NetIO process to restart and could prompt the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS) or a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router to reload. Cisco is releasing free Software Maintenance Units to address the problems, which affect any device running those versions of Cisco IOS XR Software with an IPv4 address configured on an interface of a Cisco Line Card or Cisco CRS MSC. There are more headaches for Cisco IOS XR Software, Cisco said, specifically versions 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2 and 4.1.0. All are affected by a vulnerability in which an unauthenticated, remote user could trigger a reload of a Shared Port Adapters (SPA) interface processor by sending specific IPv4 packets to an affected device. As in the previous advisory, Cisco released free Software Maintenance Units. The vulnerability affects any device running the aforementioned Cisco IOS XR releases with an SPA interface processor installed. The last of Cisco's May 25 updates is a Denial of Service (DoS) vulnerability found in Cisco IOS XR Software in the SSH application, specifically when SSH version 1 is used. The vulnerability, according to Cisco, is a result of unremoved sshd_lock files that consume all available space in the /tmp filesystem. Cisco has released free software updates to address the issue, which affects all unfixed versions of Cisco IOS XR Software devices configured to accept SSHv1 connections.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">CISCO said IOS XR Software is Vulnerable"https://www.voiceofgreyhat.com/2011/05/cisco-said-ios-xr-software-is.html</a>

Denial of Service Vulnerability in Cisco IOS Software IPv6

Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

Note:- The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. 

Affected Products:-

Cisco devices that are running an affected version of Cisco IOS Software and configured for IPv6 operation are vulnerable. A device that is running Cisco IOS Software and that has IPv6 enabled will show some interfaces with assigned IPv6 addresses when the show ipv6 interface brief command is executed.

The show ipv6 interface brief command will produce an error message if the version of Cisco IOS Software in use does not support IPv6, or will not show any interfaces with IPv6 address if IPv6 is disabled. The system is not vulnerable in these scenarios.

Sample output of the show ipv6 interface brief command on a system that is configured for IPv6 operation follows:-

router>show ipv6 interface brief 
FastEthernet0/0            [up/up]
    FE80::222:90FF:FEB0:1098
    2001:DB8:2:93::3
    200A:1::1
FastEthernet0/1            [up/up]
    FE80::222:90FF:FEB0:1099
    2001:DB8:2:94::1
Serial0/0/0                [down/down]
    unassigned
Serial0/0/0.4              [down/down]
    unassigned
Serial0/0/0.5              [down/down]
    unassigned
Serial0/0/0.6              [down/down]
    unassigned

Alternatively, the IPv6 protocol is enabled if the interface configuration command ipv6 address <IPv6 address> or ipv6 enable is present in the configuration. Both may be present, as shown in the vulnerable configuration in the following example shows:-

interface FastEthernet0/1
 ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
 ipv6 enable

A device that is running Cisco IOS Software and that has IPv6 enabled on a physical or logical interface is vulnerable even if ipv6 unicast-routing is globally disabled (that is, the device is not routing IPv6 packets).

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team

!--- output truncated

 For Additional information click Here

-News Source (Cisco)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Denial of Service Vulnerability in Cisco IOS Software IPv6"https://www.voiceofgreyhat.com/2011/10/denial-of-service-vulnerability-in.html</a>

Cisco and NSS Labs still arguing firewall vulnerability test results

NSS Labs today is expected to say four out of five vendors -- Palo Alto Networks, Juniper, Fortinet and SonicWall -- whose firewall equipment it said was vulnerable to a hacker exploit have corrected the problem. The fifth, Cisco, maintains its ASA firewall isn't susceptible to the exploit known as the "TCP Split Handshake," which lets an attacker remotely fool the firewall into thinking an IP connection is a trusted one behind the firewall.

The discrepancy with Cisco was generated by a NSS Labs report last month that said five firewalls, including one from Cisco, were susceptible to the TCP Split Handshake attack. NSS Labs today will indicate that Cisco has, in its view, failed to remediate its ASA firewall for protection against TCP Split Handshake by default.

REPORT: Hacker 'handshake' hole found in common firewalls

Cisco, which from the start has denied NSS Labs' findings, says via a Cisco spokesman that its position "remains unchanged." Cisco does not believe the ASA device is susceptible to the TCP Split Handshake issue, including in its default configuration. Cisco said it is sharing the results of its internal investigations with customers wanting it. Cisco is the leading provider of firewalls on the market today.

"They spent two days in our lab and we showed them everything," says Rick Moy, president of NSS Labs, alluding to two separate visits that Cisco engineers made to work together with NSS Labs staff to test a few different types of ASA firewalls, one provided by Cisco and one bought by NSS Labs. "Their engineers agreed something was going on."

Vik Phatak, NSS Labs chief technology officer, says the crux of the matter, in his view, is that Cisco's approach to having ASA block the TCP Split Handshake relies on "using access-control lists to stop it in some cases. They're relying on customers following their best practices." But Phatak says there are "dozens if not hundreds of use cases" and Cisco ASA is "not stopping the handshake issue by default."

Phatak says setting up the firewall access-control lists in the way Cisco envisions to prevent this attack is not necessarily the type of configuration that would work for all enterprise customers. "It's a workaround," Phatak says about Cisco's approach to the TCP Split Handshake issue.

NSS Labs is expected to detail in its research update how Palo Alto Networks, Juniper, Fortinet and SonicWall have made changes, such as through patching, to prevent the attack by default. Phatak notes that NSS Labs may proceed in the future with more extensive testing of firewalls to determine whether there are any performance issues that arise because of the remediation.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Cisco and NSS Labs still arguing firewall vulnerability test results"https://www.voiceofgreyhat.com/2011/05/cisco-and-nss-labs-still-arguing.html</a>

DDoS Vulnerability in Cisco Video Surveillance IP Cameras

Denial of Service Vulnerability found in Cisco Video Surveillance IP Cameras.
According to CISCO:-

A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.
There are no workarounds available to mitigate exploitation of this vulnerability that can be applied on the Cisco Video Surveillance IP Cameras.  Mitigations that can be deployed on Cisco devices within the network are available.

Vulnerable Products:-

Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series are affected by this vulnerability. For Cisco Video Surveillance 2421 and 2500 series IP Cameras, all 1.1.x software releases and releases prior 2.4.0 are affected by this vulnerability. For Cisco Video Surveillance 2600 IP Camera, all software releases before 4.2.0-13 are affected by this vulnerability.

Details:-

The Cisco Video Surveillance IP Cameras are feature-rich digital cameras designed to provide superior performance in a wide variety of video surveillance applications.
Cisco Video Surveillance IP Cameras RTSP Crafted Packet Vulnerability. The Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series of devices are affected by a RSTP TCP crafted packets denial of service vulnerability that may allow an unauthenticated attacker to cause the device to reload by sending a series of crafted packets. This vulnerability can be exploited from both wired and wireless segments.

• For more information click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">DDoS Vulnerability in Cisco Video Surveillance IP Cameras"https://www.voiceofgreyhat.com/2011/10/ddos-vulnerability-in-cisco-video.html</a>

Cisco branch networks simplified with cloud-managed WLAN and security

Cisco branch networks are about to get simpler with a cloud-based wireless LAN controller that can manage thousands of access points across hundreds of branch offices, limiting the need for on-site IT staff in the branch office.

At Interop Las Vegas 2011, Cisco Systems announced cloud-based remote network management and centralized security products to address the biggest challenge faced by enterprises with very large WANs: the lack of on-site IT staff at branch offices.

The release includes a wireless LAN controller capable of managing and controlling thousands of access points (APs) across branch offices from a centralized data center. The company also added ScanSafe cloud-based Web security to its Integrated Services Router (ISR) G2 line, which prevents large WAN managers from having to backhaul Internet traffic to headquarters for security.

"Remote troubleshooting has always been a challenge to address [in the branch network]," said Michael Spanbauer, principal analyst with Current Analysis. "The simpler you can make the branch office, the more you can reduce your IT costs.”

Cisco cloud-managed wireless LAN

The new Cisco Flex 7500 Series Cloud Controller is a 1 RU wireless LAN controller capable of managing 2,000 wireless LAN access points and 20,000 mobile clients across 500 branches. It is available now at a list price of $47,995. The Flex 7500 supports Layer 2 wireless networking, secure guest access and rogue AP detection, as well as managing up to 50 APs. It does not support Layer 3 roaming and it won't support higher end rich media such as multicast video.

Data traffic is switched locally among the APs in a given branch, so if WAN connectivity is lost and APs can't communicate with the Flex 7500, they can still serve local clients, said Inbar Lasser-Raab, senior marketing director at Cisco.

Many enterprises aim for remote management of expensive wireless LAN controllers locally deployed in larger branch offices that don't have IT staff, Spanbauer said. By consolidating these distributed controllers with a single Flex 7500 in a central data center, a company can reduce both operational and capital expenses, he said. 

"Centralizing the challenging-to-configure hardware ultimately reduces your OpEx, because there's no need to send technicians out to replace or troubleshoot those controllers," he said.

Cisco also announced a new wireless LAN customer at Interop 2011, national retailer Bass Pro Shops, which adopted the new Flex 7500 after beta testing. The retail chain uses the 7500 to manage wireless LAN deployed across 54 stores, each with 35 or more wireless clients, including handheld scanners and wireless printers, as well as its corporate headquarters and distribution facility.

Director of IT Services Steve Marshall started beta testing the Flex 7500 at Bass Pro Shops "because of Cisco's promise that there was added resiliency for the APs and potential costs saving," he said. "We will see savings in new stores as we no longer need local controllers."

Centralized cloud wireless LAN management also means the ability to roll out OS updates across the branches. After all, “if you make one change to this controller, that can go out to a set of 200 branches whether it's security, management or other wireless enhancements,” said IDC analyst Rohit Mehra.

Pushing controller functionality to the cloud is not necessarily a novel approach. Meraki has been a pioneer in the space, offering a subscription-based, wireless LAN cloud controller service, rather than a physical box like Cisco. Aerohive distributes wireless LAN controller functionality across its APs with just its centralized management server, HiveManager.

Cisco also announced at Interop 2011 that ScanSafe Web security will be available in the ISR G2 in July as part of the line's existing security bundle license, which starts at $2,595 per box. Although ScanSafe is a free addition to the ISR security bundle, customers will have to subscribe to the general service in order to take advantage of the ISR feature.

"The vast majority of organizations still backhaul [Internet traffic] to headquarters for security," Lasser-Raab said. "One of the biggest challenges most organizations face is ever-increasing WAN requirements. More are deploying video services."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Cisco branch networks simplified with cloud-managed WLAN and security"https://www.voiceofgreyhat.com/2011/05/cisco-branch-networks-simplified-with.html</a>

Cisco Closed Remote Code Execution & DoS Vulnerability in Security Appliances

Cisco Closed Remote Code Execution & DoS Vulnerability in Security Appliances 

Giant of networking equipment manufacturer CISCO warning of a critical vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA). An unauthenticated attacker can remotely execute arbitrary code and compromise a victim's system. The problem is located in a Cisco port forwarding ActiveX control – distributed to client systems by ASA as part of the Clientless VPN feature – that can be used to cause a buffer overflow attack.  Versions 7.1 and 7.2, as well as 8.0 to 8.6 of the Cisco ASA software are affected. Cisco has contacted Microsoft and requested that it set a global kill bit for the vulnerable control in a future update, which will disable the exploitable control on affected systems. The company has released software updates that address the issue; for those who can't yet upgrade, workarounds are provided in the Cisco security advisory. In their security updates CISCO also closes the denial of service hole in  ASA 5500 Series appliances and the Catalyst 6500 Series ASA Services Module (ASASM).

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Cisco Closed Remote Code Execution & DoS Vulnerability in Security Appliances"https://www.voiceofgreyhat.com/2012/03/cisco-closed-remote-code-execution-dos.html</a>

Juniper rolls out latest Cisco challenge

Juniper Networks this week is rolling out its first dedicated line of enterprise edge routers, a collection of products that borrow technology from the company's powerful service provider routers and that will give customers a new alternative to Cisco ASR gear.

Juniper says the new MX routers allow customer to scale from 20Gbps up to 2.6Tbps via the existing MX960. Juniper claims its differentiators are the single Junos software across this line and most of its other products, straightforward scalability and some service and support enhancements.
IN PICTURES: First look at Juniper MX enterprise router line
The new products should give Juniper a shot at cutting into Cisco's stronghold in enterprise routers, a market that Dell'Oro Group said was worth $3.3 billion in 2010. Cisco held an 82% share while Juniper was a distant second with a 5.5% share.
Dell'Oro believes a new generation of Juniper enterprise routers based on its 80Gbps MX80 model, which began shipping last year, may accelerate some market share gains. Other analysts agree, though say those gains will not likely be dramatic.
"The hardest area to take business from Cisco is the router space," says Zeus Kerrevala of the Yankee Group. "Cisco has such a lock on the enterprise router space I'm not sure a better mousetrap will make a difference. These will get them some share but it's going to be one step at a time."
Those steps start with the MX5, a 20Gbps router that features 20 Gigabit Ethernet SFP interfaces and a variety of WAN interfaces: four to eight OC-3s, two to eight OC-12s, one to four OC-48s, and eight DS-3s.
In fact, all of these WAN options are shared across the MX line, Juniper says.
The MX10 is a 40Gbps router with two slots for LAN interface modules -- the same 20 Gigabit Ethernet card as the MX5, and a dual 10G Ethernet CFO card. The MX40 is a 60Gbps router that carries the 20 Gigabit Ethernet and dual-port 10G cards, to go along with the two 10G Ethernet ports already integrated into the device.
The new MX routers also include Junos Space Service Now software, which is designed to simplify and automate technical support by eliminating most manual support operations; and J-Web, a Web-based application designed to enable connectivity and management of the devices and reduce onsite support requirements.
All routers are software license upgradeable to support added features and functions, Juniper says.
Cisco's ASR routers, meanwhile, scale from 2.5Gbps for the ASR 1002 to 360Gbps for the ASR 1013. WAN and LAN interface options include two- and four-port channelized and clear channel T-3/E-3; four-port serial interface; eight-port channelized T-1/E-1; four- and eight-port 10/100 Ethernet; two-, five-, eight- and 10-port Gigabit Ethernet; one-port 10 Gigabit Ethernet; and two- and four-port OC-3 packet over SONET (PoS), and one-port OC-12 PoS.
Pricing for the Cisco ARS series starts at $35,000 while Juniper's new MX line starts at $29,500 for the MX5.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Juniper rolls out latest Cisco challenge"https://www.voiceofgreyhat.com/2011/05/juniper-rolls-out-latest-cisco.html</a>

CISCO & Intel is Vulnerable To XSS Said Ion (Team Openfire)

CISCO & Intel is Vulnerable To XSS Said Ion (Team Openfire)

A hacker named Ion from Team Openfire has found security holes in the official website of CISCO developer & Intel® Processors and Boards Compatibility Tool. The hacker claimed that he has reported both the authorities about the vulnerability. From them he did not get any positive reply so he decided to disclose the matter that CISCO & Intel websites are vulnerable to non-persistent XSS attacks. 

Intel:- 

The above screen shot have been submitted by the hacker which clearly indicating that Intel is indeed vulnerable to XSS attack. According to the hacker the search box of Intel® Processors and Boards Compatibility Tool is vulnerable to XSS . But later Intel confirms that the security hole has been patched. 

CISCO:-

Yet again the hacker also submitted the screen shot which clearly indicating that CISCO is indeed vulnerable to XSS attack. Here again he shared the vulnerability link with us. So far CSICO did not take this one seriously and the vulnerable status is un-patched.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">CISCO & Intel is Vulnerable To XSS Said Ion (Team Openfire)"https://www.voiceofgreyhat.com/2012/02/cisco-intel-is-vulnerable-to-xss-said.html</a>

CISCO's SQL Injection

VSR independently discovered this SQL injection flaw (CVE-2011-1610)
and reported it to Cisco on November 11, 2010.  Since we had very
limited time to preform testing on the product, and because Cisco
informed us that another researcher had reported the same flaw shortly
before us, we decided not to write a formal advisory.

However, I would like to add some additional technical information for
those who need to test for this flaw to determine if they are
vulnerable.  

During our tests on version 7.1.3.32900-4 of the product, we found
that SQL query errors generated by attacks causes the vulnerable JSP
script to return no records, but does not present any error message.
To confirm the injection existed, the result from the following two
query URLs were compared:

 /ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20--

 /ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20--

The first URL returns a very large record set (likely all user
records) while the second query returns no records.  The only
difference between the two being the order in which '0' and '1' appear
in the query, with the latter generating a divide-by-zero error.  It
is likely that a simpler test case can be developed, but this is what
we came up with during very limited testing.  We did not explore
injections on the l and n parameters.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">CISCO's SQL Injection"https://www.voiceofgreyhat.com/2011/05/ciscos-sql-injection.html</a>

Obama Proposes Cybersecurity Strategy to Replace Passwords

A new cybersecurity strategy will do away with traditional passwords and replace them with an “IdentityEcosystem.”

The new project, The National Strategy for Trusted Identities in Cyberspace (NSTIC), was released by the Obama Administration on April 15. It aims to protect users from identity theft, online fraud, and cybercriminals.

The Identity Ecosystem will offer “interoperable, secure, and reliable credentials” to anyone who wants them. These “credentials” can range from smartphone software, a password-generating token, or a smart card, according to a White House fact sheet on the program.

“We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords,” states the fact sheet. “Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them.”

The proposed strategy is not without its concerns, however, as it could make the government a one-stop-shop for online identity. Jim Fenton, a Distinguished Engineer for Cisco, addressed some of the main concerns in Cisco’s official blog.

According to Fenton, “There is concern that this will lead to a Government-run identity system with extensive surveillance power,” yet the system “should” allow users to have more than one identity “just as they might do business with more than one bank or have more than one credit card or brokerage account.”
The system should also remain secure, despite being centrally-located. He states, “It is true that identity providers are going to need very high security. But this is a risk that we can insure against ...”

He does add, however, that NSTIC leaves some questions unanswered, including details on the system’s business model and how it fits into the government structure.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Obama Proposes Cybersecurity Strategy to Replace Passwords"https://www.voiceofgreyhat.com/2011/04/obama-proposes-cybersecurity-strategy.html</a>

Google, Yahoo, Microsoft & AOL Jointly Enhancing Agari Anti-Phishing Service

Google, Microsoft, Yahoo, AOL jointly enhancing the Agari anti-phishing service. Google, Microsoft, Yahoo, and AOL are providing metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks. Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure, according to Agari CEO Patrick Peterson.

The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening. "Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo," for instance, Daniel Raskin, vice president of marketing for Agari, told the media in an interview. "They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."

Agari doesn't collect the actual messages, he said. Some e-mail providers will take a message that is failing authentication and provide the malicious URLs in it to Agari to pass on to the company whose name is being used in the phishing messages, Raskin said. "Other than that we don't want to see the content," he said.

Google expects Gmail users to benefit as more mail senders authenticate their messages and implement block policies. "Since 2004 Gmail has supported several authentication standards and developed features to help combat e-mail phishing and fraud," Google Product Manager Adam Dawes said in a statement to. "Proper coordination between senders and receivers is the best way to cut down on the transmission of unauthorized mail, and AGARI's approach helps simplify this process."

Agari, which has been operating in stealth mode since October 2009, rejected more than 1 billion messages across its e-mail partners' networks in a year, according to Peterson, who was with the original management team of e-mail security firm IronPort. IronPort got acquired by Cisco in 2007.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google, Yahoo, Microsoft & AOL Jointly Enhancing Agari Anti-Phishing Service"https://www.voiceofgreyhat.com/2011/12/google-yahoo-microsoft-aol-jointly.html</a>

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

NASSCOM-Data Security Council of India (DSCI) announced that the Annual Information Security Summit 2012 will be held on 11-12 December at Taj Lands End, Mumbai. The NASSCOM-DSCI Annual Information Security Summit this year will focus on the national cyber security elements- Framework, Machinery, Responsibility & Operations for all the critical information sectors like power, energy and finance where deliberation will take place on operating technologies like smart grid and industrial control system; the security and privacy imperatives of eCommerce, mCommerce and eGovernance application and platforms. The Summit will provide an opportunity to have focused discussions with government leaders along with global experts who will talk about the security ramifications at the global level. Special features such as celebrating the success of women leaders in the field of security, Workshop on IT Act and release of DSCI assessment frameworks will also be part of the annual summit. The addition of DSCIExcellence Awards 2012 to Corporate and LEAs this year along with Annual summit will truly make this as a platform where India Meets for Security. 

Who Should Attend:-

Organizations:

• User Organization – Banks, Finance, Telecom, Manufacturing, Energy
• Government & PSUs
• Technology & Service Providers
• Security Product/ Services Companies
• Academia

Individuals:

• Business Leaders
• IT Leadership
• Security & Privacy Leadership
• Security Professionals
• Security Implementer | Administrator | Officer

Participation benefits:

• Learn about new challenges, threats and vulnerabilities
• Gain Strategic direction & practical guidance
• Explore new approaches, practices, technologies and services
• Discover market developments and get a feel of technology products
• Discuss on public policies for cyber security and privacy
• Interact with national, government and global leadership

Agenda:- 

 

Tentative Agenda Topics for Annual Information Security Summit’12 : Day 1
Time	Session
0930 to 1015	Inaugural + Key Note
1015 to 1115	National Imperatives of Securing Operational Technologies … Smart Grids, Oil & Gas, & Public Utilities
1115 to 1140	Tea Break
1140 to 1200	Platinum Session 1 by Verizon
1200 to 1250	Protecting Key Economic Assets, Securing Financial Backbone …. Stock Exchange, Payment Infrastructures & Financial Switches
1250 to 1310	Platinum Session 2 by TCG
1310 to 1415	Lunch Break
1415 to 1430	Special feature
1430 to 1520	Architecting Security for New Age Banking … Business Models, Technology Transformations & Channel Revolutions in the midst of Organized, Focused, Advanced & Persistent Cyber Threats
1520 to 1540	Special feature by HP
1540 to 1640	Revolution named Clobile, Nightmare for Security? … Enterprise Mobility, Mobile Apps and Cloud Enablement Data driven Businesses
1640 to 1700	Tea Break
1700 to 1800	Data driven Businesses – Data reason for Empowerment and Concern … Big Data, Context Computing & Social Media Computing
1800 to 1900	Networking and Exhibition
1900 to 2030	DSCI Excellence Awards 2012 Corporate Law Enforcement
2030 Onwards	Cocktail Dinner
Day 2
Time	Session
0930 to 1030	Cyber Security, from National Responsibility to Global Accountability … Cyber diplomacy, converging national and international interests
1030 to 1100	Special Feature by CISCO
1100 to 1130	Tea Break
1130 to 1230	Securing Technology Transformation of Governance … eGovernance projects, Security Challenges & Solutions
1230 to 1315	Rendezvous with Women Security Leaders: Special Interaction …. Security, Challenges and Opportunities for Women
1315 to 1415	Lunch Break
1415 to 1515	Security Enablement of Growing Electronic & Mobile Commerce … Rising Volume & Growth of Commerce, Security as Enabler
1515 to 1600	Securing core, edge, access & connect: reappearance of network on agenda of security … Finding the role of network security: Infrastructure Core, Hyer-extensive organizations, Access complexities, Mobility & External exposures
1600 to 1630	Tea Break
1630 to 1730	Consumer Behaviors and Business Responsibilities In the Information Age … Responsible Behaviors, Fair Business Practices & Enabling Technologies

To Get Yourself Registrar For the Event Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012"https://www.voiceofgreyhat.com/2012/10/NASSCOM-DSCI-Annual-Information-Security-Summit.html</a>

Nmap 5.59 BETA1 (With 40 new NSE scripts)

Nmap 5.59 BETA1 released. This version includes 40 new NSE scripts (plus improvements to many others), even more IPv6 goodness than the informal World IPv6 Day release, 7 new NSE protocol libraries and hundreds of bug fixes! This release also expands and improves IPv6 support!

o [NSE] Added 40 scripts, bringing the total to 217!  You can learn
 more about any of them at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + afp-ls: Lists files and their attributes from Apple Filing
   Protocol (AFP) volumes. [Patrik Karlsson]

 + backorifice-brute: Performs brute force password auditing against
   the BackOrifice remote administration (trojan) service. [Gorjan
   Petrovski]

 + backorifice-info: Connects to a BackOrifice service and gathers
   information about the host and the BackOrifice service
   itself. [Gorjan Petrovski]

 + broadcast-avahi-dos: Attempts to discover hosts in the local
   network using the DNS Service Discovery protocol, then tests
   whether each host is vulnerable to the Avahi NULL UDP packet
   denial of service bug (CVE-2011-1002). [Djalal Harouni]

 + broadcast-netbios-master-browser: Attempts to discover master
   browsers and the Windows domains they manage. [Patrik Karlsson]

 + broadcast-novell-locate: Attempts to use the Service Location
   Protocol to discover Novell NetWare Core Protocol (NCP)
   servers. [Patrik Karlsson]

 + creds-summary: Lists all discovered credentials (e.g. from brute
   force and default password checking scripts) at end of scan.
   [Patrik Karlsson]

 + dns-brute: Attempts to enumerate DNS hostnames by brute force
   guessing of common subdomains. [Cirrus]

 + dns-nsec-enum: Attempts to discover target hosts' services using
   the DNS Service Discovery protocol. [Patrik Karlsson]

 + dpap-brute: Performs brute force password auditing against an
   iPhoto Library. [Patrik Karlsson]

 + epmd-info: Connects to Erlang Port Mapper Daemon (epmd) and
   retrieves a list of nodes with their respective port
   numbers. [Toni Ruottu]

 + http-affiliate-id: Grabs affiliate network IDs (e.g. Google
   AdSense or Analytics, Amazon Associates, etc.) from a web
   page. These can be used to identify pages with the same
   owner. [Hani Benhabiles, Daniel Miller]

 + http-barracuda-dir-traversal: Attempts to retrieve the
   configuration settings from a Barracuda Networks Spam & Virus
   Firewall device using the directory traversal vulnerability
   described at
   http://seclists.org/fulldisclosure/2010/Oct/119. [Brendan Coles]

 + http-cakephp-version: Obtains the CakePHP version of a web
   application built with the CakePHP framework by fingerprinting
   default files shipped with the CakePHP framework. [Paulino
   Calderon]

 + http-majordomo2-dir-traversal: Exploits a directory traversal
   vulnerability existing in the Majordomo2 mailing list manager to
   retrieve remote files. (CVE-2011-0049). [Paulino Calderon]

 + http-wp-plugins: Tries to obtain a list of installed WordPress
   plugins by brute force testing for known plugins. [Ange Gutek]

 + ip-geolocation-geobytes: Tries to identify the physical location
   of an IP address using the Geobytes geolocation web service
   (http://www.geobytes.com/iplocator.htm). [Gorjan Petrovski]

 + ip-geolocation-geoplugin: Tries to identify the physical location
   of an IP address using the Geoplugin geolocation web service
   (http://www.geoplugin.com/). [Gorjan Petrovski]

 + ip-geolocation-ipinfodb: Tries to identify the physical location
   of an IP address using the IPInfoDB geolocation web service
   (http://ipinfodb.com/ip_location_api.php). [Gorjan Petrovski]

 + ip-geolocation-maxmind: Tries to identify the physical location of
   an IP address using a Geolocation Maxmind database file (available
   from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski]

 + ldap-novell-getpass: Attempts to retrieve the Novell Universal
   Password for a user. You must already have (and include in script
   arguments) the username and password for an eDirectory server
   administrative account. [Patrik Karlsson]

 + mac-geolocation: Looks up geolocation information for BSSID (MAC)
   addresses of WiFi access points in the Google geolocation
   database. [Gorjan Petrovski]

 + mysql-audit: Audit MySQL database server security configuration
   against parts of the CIS MySQL v1.0.2 benchmark (the engine can
   also be used for other MySQL audits by creating appropriate audit
   files).  [Patrik Karlsson]

 + ncp-enum-users: Retrieves a list of all eDirectory users from the
   Novell NetWare Core Protocol (NCP) service. [Patrik Karlsson]

 + ncp-serverinfo: Retrieves eDirectory server information (OS
   version, server name, mounts, etc.) from the Novell NetWare Core
   Protocol (NCP) service. [Patrik Karlsson]

 + nping-brute: Performs brute force password auditing against an
   Nping Echo service. [Toni Ruottu]

 + omp2-brute: Performs brute force password auditing against the
   OpenVAS manager using OMPv2. [Henri Doreau]

 + omp2-enum-targets: Attempts to retrieve the list of target systems
   and networks from an OpenVAS Manager server. [Henri Doreau]

 + ovs-agent-version: Detects the version of an Oracle OVSAgentServer
   by fingerprinting responses to an HTTP GET request and an XML-RPC
   method call. [David Fifield]

 + quake3-master-getservers: Queries Quake3-style master servers for
   game servers (many games other than Quake 3 use this same
   protocol). [Toni Ruottu]

 + servicetags: Attempts to extract system information (OS, hardware,
   etc.) from the Sun Service Tags service agent (UDP port
   6481). [Matthew Flanagan]

 + sip-brute: Performs brute force password auditing against Session
   Initiation Protocol (SIP -

http://en.wikipedia.org/wiki/Session_Initiation_Protocol)

   accounts.  This protocol is most commonly associated with VoIP
   sessions. [Patrik Karlsson]

 + sip-enum-users: Attempts to enumerate valid SIP user accounts.
   Currently only the SIP server Asterisk is supported. [Patrik
   Karlsson]

 + smb-mbenum: Queries information managed by the Windows Master
   Browser. [Patrik Karlsson]

 + smtp-vuln-cve2010-4344: Checks for and/or exploits a heap overflow
   within versions of Exim prior to version 4.69 (CVE-2010-4344) and
   a privilege escalation vulnerability in Exim 4.72 and prior
   (CVE-2010-4345). [Djalal Harouni]

 + smtp-vuln-cve2011-1720: Checks for a memory corruption in the
   Postfix SMTP server when it uses Cyrus SASL library authentication
   mechanisms (CVE-2011-1720).  This vulnerability can allow denial
   of service and possibly remote code execution. [Djalal Harouni]

 + snmp-ios-config: Attempts to downloads Cisco router IOS
   configuration files using SNMP RW (v1) and display or save
   them. [Vikas Singhal, Patrik Karlsson]

 + ssl-known-key: Checks whether the SSL certificate used by a host
   has a fingerprint that matches an included database of problematic
   keys. [Mak Kolybabi]

 + targets-sniffer: Sniffs the local network for a configurable
   amount of time (10 seconds by default) and prints discovered
   addresses. If the newtargets script argument is set, discovered
   addresses are added to the scan queue. [Nick Nikolaou]

 + xmpp: Connects to an XMPP server (port 5222) and collects server
   information such as supported auth mechanisms, compression methods
   and whether TLS is supported and mandatory. [Vasiliy Kulikov]

o Nmap has long supported IPv6 for basic (connect) port scans, basic
 host discovery, version detection, Nmap Scripting Engine.  This
 release dramatically expands and improves IPv6 support:
 + IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
   etc.) are now supported. [David, Weilin]
 + IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
   discovery packets, etc.) is now supported. [David, Weilin]
 + IPv6 traceroute is now supported [David]
 + IPv6 protocol scan (-sO) is now supported, including creating
   realistic headers for many protocols. [David]
 + IPv6 support to the wsdd, dnssd and upnp NSE libraries. [Daniel
   Miller, Patrik]
 + The --exclude and --excludefile now support IPV6 addresses with
   netmasks.  [Colin]

o Scanme.Nmap.Org (the system anyone is allowed to scan for testing
 purposes) is now dual-stacked (has an IPv6 address as well as IPv4)
 so you can scan it during IPv6 testing.  We also added a DNS record
 for ScanmeV6.nmap.org which is IPv6-only. See
 http://seclists.org/nmap-dev/2011/q2/428. [Fyodor]

o The Nmap.Org website as well as sister sites Insecure.Org,
 SecLists.Org, and SecTools.Org all have working IPv6 addresses now
 (dual stacked). [Fyodor]

o Nmap now determines the filesystem location it is being run from and
 that path is now included early in the search path for data files
 (such as nmap-services).  This reduces the likelihood of needing to
 specify --datadir or getting data files from a different version of
 Nmap installed on the system.  For full details, see
 http://nmap.org/book/data-files-replacing-data-files.html.  Thanks
 to Solar Designer for implementation advice. [David]

o Created a page on our SecWiki for collecting Nmap script ideas! If
 you have a good idea, post it to the incoming section of the page.
 Or if you're in a script writing mood but don't know what to write,
 come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.

o The development pace has greatly increased because Google (again)
 sponsored a 7 full-time college and graduate student programmer
 interns this summer as part of their Summer of Code program!
 Thanks, Google Open Source Department!  We're delighted to introduce
 the team: http://seclists.org/nmap-dev/2011/q2/312

o [NSE] Added 7 new protocol libraries, bringing the total to 66.  You
 can read about them all at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + creds: Handles storage and retrieval of discovered credentials
   (such as passwords discovered by brute force scripts). [Patrik
   Karlsson]

 + ncp: A tiny implementation of Novell Netware Core Protocol
   (NCP). [Patrik Karlsson]

 + omp2: OpenVAS Management Protocol (OMP) version 2 support. [Henri
   Doreau]

 + sip: Supports a limited subset of SIP commands and
   methods. [Patrik Karlsson]

 + smtp: Simple Mail Transfer Protocol (SMTP) operations. [Djalal
   Harouni]

 + srvloc: A relatively small implementation of the Service Location
   Protocol. [Patrik Karlsson]

 + tftp: Implements a minimal TFTP server. It is used in
   snmp-ios-config to obtain router config files.[Patrik Karlsson]

o Improved Nmap's service/version detection database by adding:
 + Apple iPhoto (DPAP) protocol probe [Patrik]
 + Zend Java Bridge probe [Michael Schierl]
 + BackOrifice probe [Gorjan Petrovski]
 + GKrellM probe [Toni Ruotto]
 + Signature improvements for a wide variety of services (we now have
   7,375 signatures)

o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
 found during the scan which share the same hostkey. [Henri Doreau]

o [NSE] Added 300+ new signatures to http-enum which look for admin
 directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, WordPress,
 and more. [Paulino]

o Made the final IP address space assignment update as all available
 IPv4 address blocks have now been allocated to the regional
 registries.  Our random IP generation (-iR) logic now only excludes
 the various reserved blocks.  Thanks to Kris for years of regular
 updates to this function!

o [NSE] Replaced http-trace with a new more effective version. [Paulino]

o Performed some output cleanup work to remove unimportant status
 lines so that it is easier to find the good stuff! [David]

o [Zenmap] now properly kills Nmap scan subprocess when you cancel a
 scan or quit Zenmap on Windows. [Shinnok]

o [NSE] Banned scripts from being in both the "default" and
 "intrusive" categories.  We did this by removing dhcp-discover and
 dns-zone-transfer from the set of scripts run by default (leaving
 them "intrusive"), and reclassifying dns-recursion, ftp-bounce,
 http-open-proxy, and socks-open-proxy as "safe" rather than
 "intrusive" (keeping them in the "default" set).

o [NSE] Added a credential storage library (creds.lua) and modified
 the brute library and scripts to make use of it. [Patrik]

o [Ncat] Created a portable version of ncat.exe that you can just drop
 onto Microsoft Windows systems without having to run any installer
 or copy over extra library files. See the Ncat page
 (http://nmap.org/ncat/) for binary downloads and a link to build
 instructions. [Shinnok]

o Fix a segmentation fault which could occur when running Nmap on
 various Android-based phones.  The problem related to NULL being
 passed to freeaddrinfo(). [David, Vlatko Kosturjak]

o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
 16-byte IPv6 addresses. [David]

o [Ncat] Updated the ca-bundle.crt list of trusted certificate
 authority certificates. [David]

o [NSE] Fixed a bug in the SMB Authentication library which could
 prevent concurrently running scripts with valid credentials from
 logging in. [Chris Woodbury]

o [NSE] Re-worked http-form-brute.nse to better autodetect form
 fields, allow brute force attempts where only the password (no
 username) is needed, follow HTTP redirects, and better detect
 incorrect login attempts. [Patrik, Daniel Miller]

o [Zenmap] Changed the "slow comprehensive scan" profile's NSE script
 selection from "all" to "default or (discovery and safe)"
 categories.  Except for testing and debugging, "--script all" is
 rarely desirable.

o [NSE] Added the stdnse.silent_require method which is used for
 library requires that you know might fail (e.g. "openssl" fails if
 Nmap was compiled without that library).  If these libraries are
 called with silent_require and fail to load, the script will cease
 running but the user won't be presented with ugly failure messages
 as would happen with a normal require. [Patrick Donnelly]

o [Ncat] ncat now listens on both localhost and ::1 when you run ncat
 -l. It works as before if you specify -4 or -6 or a specific
 address. [Colin Rice]

o [Zenmap] Fixed a bug in topology mapper which caused endpoints
 behind firewalls to sometimes show up in the wrong place (see
 http://seclists.org/nmap-dev/2011/q2/733).  [Colin Rice]

o [Zenmap] If you scan a system twice, any open ports from the first
 scan which are closed in the 2nd will be properly marked as
 closed. [Colin Rice].

o [Zenmap] Fixed an error that could cause a crash ("TypeError: an
 integer is required") if a sort column in the ports table was unset.
 [David]

o [Ndiff] Added nmaprun element information (Nmap version, scan date,
 etc.) to the diff.  Also, the Nmap banner with version number and
 data is now only printed if there were other differences in the
 scan. [Daniel Miller, David, Dr. Jesus]

o [NSE] Added nmap.get_interface and nmap.get_interface_info functions
 so scripts can access characteristics of the scanning interface.
 Removed nmap.get_interface_link. [Djalal]

o Fixed an overflow in scan elapsed time display that caused negative
 times to be printed after about 25 days. [Daniel Miller]

o Updated nmap-rpc from the master list, now maintained by IANA.
 [Daniel Miller, David]

o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was
 interpreted as -sn (no port scan). This was reported by
 Shitaneddine. [David]

o [Ndiff] Fixed the Mac OS X packages to use the correct path for
 Python: /usr/bin/python instead of /opt/local/bin/python. The bug
 was reported by Wellington Castello. [David]

o Removed the -sR (RPC scan) option--it is now an alias for -sV
 (version scan), which always does RPC scan when an rpcinfo service
 is detected.

o [NSE] Improved the ms-sql scripts and library in several ways:
 - Improved version detection and server discovery
 - Added support for named pipes, integrated authentication, and
   connecting to instances by name or port
 - Improved script and library stability and documentation.
 [Patrik Karlsson, Chris Woodbury]

o [NSE] Fixed http.validate_options when handling a cookie table.
 [Sebastian Prengel]

o Added a Service Tags UDP probe for port 6481/udp. [David]

o [NSE] Enabled firewalk.nse to automatically find the gateways at
 which probes are dropped and fixed various bugs. [Henri Doreau]

o [Zenmap] Worked around a pycairo bug that prevented saving the
 topology graphic as PNG on Windows: "Error Saving Snapshot:
 Surface.write_to_png takes one argument which must be a filename
 (str), file object, or a file-like object which has a 'write' method
 (like StringIO)". The problem was reported by Alex Kah. [David]

o The -V and --version options now show the platform Nmap was compiled
 on, which features are compiled in, the version numbers of libraries
 it is linked against, and whether the libraries are the ones that
 come with Nmap or the operating system.  [Ambarisha B., David]

o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre
 from netVigilance.

o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor]

o [NSE] Added a shortport.ssl function which can be used as a script
 portrule to match SSL services.  It is similar in concept to our
 existing shortport.http. [David]

o Set up the RPM build to use the compat-glibc and compat-gcc-34-c++
 packages (on CentOS 5.3) to resolve a report of Nmap failing to run
 on old versions of Glibc. [David]

o We no longer support Nmap on versions of Windows earlier than XP
 SP2.  Even Microsoft no longer supports Windows versions that old.
 But if you must use Nmap on such systems anyway, please see

https://secwiki.org/w/Nmap_On_Old_Windows_Releases.

o There were hundreds of other little bug fixes and improvements
 (especially to NSE scripts).  See the SVN logs for revisions 22,274
 through 24,460 for details.

To Download Nmap 5.59 BETA 1 Click HERE

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Nmap 5.59 BETA1 (With 40 new NSE scripts)"https://www.voiceofgreyhat.com/2011/07/nmap-559-beta1-with-40-new-nse-scripts.html</a>