Showing posts sorted by date for query cisco. Sort by relevance Show all posts
Showing posts sorted by date for query cisco. Sort by relevance Show all posts

GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit

Posted by Avik Sarkar On 5/09/2013 04:28:00 pm

GFI LanGuard 2012 One Solution For Vulnerability Scanning, Patch Management, Network & Software Auditing 

Earlier we have talked about GFI LanGuard, but while looking at the rising cyber threats, security researcher  continue to identify new, sophisticated malware threats, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To get rid of all those security challenges, GFI Software announced the availability of GFI LanGuard 2012, in which the manufacturer claimed to provide network and system administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So lets take a roam of this fine product of GFI Software-

Enhanced Features of GFI LanGuard 2012 include:
  • Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
  • Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
  • Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.
GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console, it integrates with more than 1,500 security applications and includes keyword search functionality.

After going through the above brief description, many of you must be excited about this new product. For the kind information of our readers, yes indeed GFI LanGuard 2012 is one of the finest tool ever released in this domain. Detailed information LanGuard 2012 can be found here. Also a 30 day trail pack of GFI LanGuard 2012 has been made available for download





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

Posted by Avik Sarkar On 10/28/2012 04:38:00 am

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

NASSCOM-Data Security Council of India (DSCI) announced that the Annual Information Security Summit 2012 will be held on 11-12 December at Taj Lands End, Mumbai. The NASSCOM-DSCI Annual Information Security Summit this year will focus on the national cyber security elements- Framework, Machinery, Responsibility & Operations for all the critical information sectors like power, energy and finance where deliberation will take place on operating technologies like smart grid and industrial control system; the security and privacy imperatives of eCommerce, mCommerce and eGovernance application and platforms. The Summit will provide an opportunity to have focused discussions with government leaders along with global experts who will talk about the security ramifications at the global level. Special features such as celebrating the success of women leaders in the field of security, Workshop on IT Act and release of DSCI assessment frameworks will also be part of the annual summit. The addition of DSCIExcellence Awards 2012 to Corporate and LEAs this year along with Annual summit will truly make this as a platform where India Meets for Security. 

Who Should Attend:-

Organizations:
  • User Organization – Banks, Finance, Telecom, Manufacturing, Energy
  • Government & PSUs
  • Technology & Service Providers
  • Security Product/ Services Companies
  • Academia
Individuals:
  • Business Leaders
  • IT Leadership
  • Security & Privacy Leadership
  • Security Professionals
  • Security Implementer | Administrator | Officer

Participation benefits:
  • Learn about new challenges, threats and vulnerabilities
  • Gain Strategic direction & practical guidance
  • Explore new approaches, practices, technologies and services
  • Discover market developments and get a feel of technology products
  • Discuss on public policies for cyber security and privacy
  • Interact with national, government and global leadership
Agenda:- 
 
Tentative Agenda Topics for Annual Information Security Summit’12 : Day 1
Time
Session
0930 to 1015
Inaugural + Key Note
1015 to 1115
National Imperatives of Securing Operational Technologies … Smart Grids, Oil & Gas, & Public Utilities
1115 to 1140
Tea Break
1140 to 1200
Platinum Session 1 by Verizon
1200 to 1250
Protecting Key Economic Assets, Securing Financial Backbone
…. Stock Exchange, Payment Infrastructures & Financial Switches
1250 to 1310
Platinum Session 2 by TCG
1310 to 1415
Lunch Break
1415 to 1430
Special feature
1430 to 1520
Architecting Security for New Age Banking
… Business Models, Technology Transformations & Channel Revolutions in the midst of Organized, Focused, Advanced & Persistent Cyber Threats
1520 to 1540
Special feature by HP
1540 to 1640
Revolution named Clobile, Nightmare for Security? … Enterprise Mobility, Mobile Apps and Cloud Enablement Data driven Businesses
1640 to 1700
Tea Break
1700 to 1800
Data driven Businesses – Data reason for Empowerment and Concern
… Big Data, Context Computing & Social Media Computing
1800 to 1900
Networking and Exhibition
1900 to 2030
DSCI Excellence Awards 2012
  • Corporate
  • Law Enforcement
2030 Onwards
Cocktail Dinner
Day 2
Time
Session
0930 to 1030
Cyber Security, from National Responsibility to Global Accountability
… Cyber diplomacy, converging national and international interests
1030 to 1100
Special Feature by CISCO
1100 to 1130
Tea Break
1130 to 1230
Securing Technology Transformation of Governance … eGovernance projects, Security Challenges & Solutions
1230 to 1315
Rendezvous with Women Security Leaders: Special Interaction …. Security, Challenges and Opportunities for Women
1315 to 1415
Lunch Break
1415 to 1515
Security Enablement of Growing Electronic & Mobile Commerce
… Rising Volume & Growth of Commerce, Security as Enabler
1515 to 1600
Securing core, edge, access & connect: reappearance of network on agenda of security
… Finding the role of network security: Infrastructure Core, Hyer-extensive organizations, Access complexities, Mobility & External exposures
1600 to 1630
Tea Break
1630 to 1730
Consumer Behaviors and Business Responsibilities In the Information Age … Responsible Behaviors, Fair Business Practices & Enabling Technologies

To Get Yourself Registrar For the Event Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cisco Closed Remote Code Execution & DoS Vulnerability in Security Appliances

Posted by Avik Sarkar On 3/17/2012 08:16:00 pm

Cisco Closed Remote Code Execution & DoS Vulnerability in Security Appliances 
Giant of networking equipment manufacturer CISCO warning of a critical vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA). An unauthenticated attacker can remotely execute arbitrary code and compromise a victim's system. The problem is located in a Cisco port forwarding ActiveX control – distributed to client systems by ASA as part of the Clientless VPN feature – that can be used to cause a buffer overflow attack.  Versions 7.1 and 7.2, as well as 8.0 to 8.6 of the Cisco ASA software are affected. Cisco has contacted Microsoft and requested that it set a global kill bit for the vulnerable control in a future update, which will disable the exploitable control on affected systems. The company has released software updates that address the issue; for those who can't yet upgrade, workarounds are provided in the Cisco security advisory. In their security updates CISCO also closes the denial of service hole in  ASA 5500 Series appliances and the Catalyst 6500 Series ASA Services Module (ASASM).

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

CISCO & Intel is Vulnerable To XSS Said Ion (Team Openfire)

Posted by Avik Sarkar On 2/28/2012 06:38:00 pm

CISCO & Intel is Vulnerable To XSS Said Ion (Team Openfire)
A hacker named Ion from Team Openfire has found security holes in the official website of CISCO developer & Intel® Processors and Boards Compatibility Tool. The hacker claimed that he has reported both the authorities about the vulnerability. From them he did not get any positive reply so he decided to disclose the matter that CISCO & Intel websites are vulnerable to non-persistent XSS attacks. 

Intel:- 

The above screen shot have been submitted by the hacker which clearly indicating that Intel is indeed vulnerable to XSS attack. According to the hacker the search box of Intel® Processors and Boards Compatibility Tool is vulnerable to XSS . But later Intel confirms that the security hole has been patched. 

CISCO:-

Yet again the hacker also submitted the screen shot which clearly indicating that CISCO is indeed vulnerable to XSS attack. Here again he shared the vulnerability link with us. So far CSICO did not take this one seriously and the vulnerable status is un-patched.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

OpenSSL 1.0.0g Released, Denial Of Service (DoS) Vulnerability Fixed

Posted by Avik Sarkar On 1/20/2012 09:13:00 pm


Developers of OpenSSL has released their new version 1.0.0g and 0.9.8t of OpenSSL to address a denial of service issue introduced by one of the six fixes included in the version they released earlier this month. The problem was created by the fix for a critical vulnerability in the CBC ("Cipher block chaining") encryption mode which enabled plaintext recovery of OpenSSL's implementation of DTLS (Datagram TLS). Accordingly, the advisory notes that the DoS flaw only affects users using DTLS applications that use OpenSSL 1.0.0f and 0.9.8s. The developers credit Antonio Martin of Cisco Systems for discovering the bug and preparing the fix for it.

Brief About OpenSSL:-
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.



To Download The Source Code Click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google, Yahoo, Microsoft & AOL Jointly Enhancing Agari Anti-Phishing Service

Posted by Avik Sarkar On 12/01/2011 06:07:00 pm


Google, Microsoft, Yahoo, AOL jointly enhancing the Agari anti-phishing service. Google, Microsoft, Yahoo, and AOL are providing metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks. Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure, according to Agari CEO Patrick Peterson.
The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening. "Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo," for instance, Daniel Raskin, vice president of marketing for Agari, told the media in an interview. "They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."
Agari doesn't collect the actual messages, he said. Some e-mail providers will take a message that is failing authentication and provide the malicious URLs in it to Agari to pass on to the company whose name is being used in the phishing messages, Raskin said. "Other than that we don't want to see the content," he said.
Google expects Gmail users to benefit as more mail senders authenticate their messages and implement block policies. "Since 2004 Gmail has supported several authentication standards and developed features to help combat e-mail phishing and fraud," Google Product Manager Adam Dawes said in a statement to. "Proper coordination between senders and receivers is the best way to cut down on the transmission of unauthorized mail, and AGARI's approach helps simplify this process."
Agari, which has been operating in stealth mode since October 2009, rejected more than 1 billion messages across its e-mail partners' networks in a year, according to Peterson, who was with the original management team of e-mail security firm IronPort. IronPort got acquired by Cisco in 2007.  



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

London is Hosting Major International Cyber-Security Conference

Posted by Avik Sarkar On 11/02/2011 05:03:00 pm


London is hosting a major international conference on the threat from cybersecurity attacks. Representatives of 60 nations are gathering to discuss how to tackle the rising levels of cybercrime. Foreign Secretary William Hague convened the London Conference on Cyberspace, and urged a "global co-ordinated response" on policy.
However, Wikipedia founder, Jimmy Wales, warned that ill-advised interventions posed their own risks. The event comes a day after intelligence agency GCHQ warned that cyberattacks on the UK were at "disturbing" levels.
Experts attending the two-day conference include EU digital supremo Neelie Kroes, Cisco's vice-president Brad Boston and Joanna Shields, a senior executive at Facebook. US Secretary of State Hillary Clinton had been due to attend, but cancelled the trip on Monday night after her 92-year-old mother fell ill. Mr Hague led the opening session. "We want to widen the pool of nations and cyberusers that agree with us about the need for norms of behaviour, and who want to seek a future cyberspace based on opportunity, freedom, innovation, human rights and partnership, between government, civil society and the private sector," he said. However Mr Wales, who also took part in the first event, urged caution. "The biggest threat to the internet is not cybercriminals, but misguided or overreaching government policy," he said.
Prime Minister David Cameron appeared to agree that politicians should resist the temptation to be heavy-handed. "Governments must not use cyber security as an excuse for censorship," he said.

For details information Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

DDoS Vulnerability in Cisco Video Surveillance IP Cameras

Posted by Avik Sarkar On 10/31/2011 04:49:00 pm


Denial of Service Vulnerability found in Cisco Video Surveillance IP Cameras.
According to CISCO:-
A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.
There are no workarounds available to mitigate exploitation of this vulnerability that can be applied on the Cisco Video Surveillance IP Cameras.  Mitigations that can be deployed on Cisco devices within the network are available.
Vulnerable Products:-
Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series are affected by this vulnerability. For Cisco Video Surveillance 2421 and 2500 series IP Cameras, all 1.1.x software releases and releases prior 2.4.0 are affected by this vulnerability. For Cisco Video Surveillance 2600 IP Camera, all software releases before 4.2.0-13 are affected by this vulnerability.
Details:-
The Cisco Video Surveillance IP Cameras are feature-rich digital cameras designed to provide superior performance in a wide variety of video surveillance applications.
Cisco Video Surveillance IP Cameras RTSP Crafted Packet Vulnerability. The Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series of devices are affected by a RSTP TCP crafted packets denial of service vulnerability that may allow an unauthenticated attacker to cause the device to reload by sending a series of crafted packets. This vulnerability can be exploited from both wired and wireless segments.

  • For more information click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Denial of Service Vulnerability in Cisco IOS Software IPv6

Posted by Avik Sarkar On 10/02/2011 03:38:00 pm


Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.
Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
Note:- The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. 


Affected Products:-

Cisco devices that are running an affected version of Cisco IOS Software and configured for IPv6 operation are vulnerable. A device that is running Cisco IOS Software and that has IPv6 enabled will show some interfaces with assigned IPv6 addresses when the show ipv6 interface brief command is executed.
The show ipv6 interface brief command will produce an error message if the version of Cisco IOS Software in use does not support IPv6, or will not show any interfaces with IPv6 address if IPv6 is disabled. The system is not vulnerable in these scenarios.
Sample output of the show ipv6 interface brief command on a system that is configured for IPv6 operation follows:-
router>show ipv6 interface brief 
FastEthernet0/0            [up/up]
    FE80::222:90FF:FEB0:1098
    2001:DB8:2:93::3
    200A:1::1
FastEthernet0/1            [up/up]
    FE80::222:90FF:FEB0:1099
    2001:DB8:2:94::1
Serial0/0/0                [down/down]
    unassigned
Serial0/0/0.4              [down/down]
    unassigned
Serial0/0/0.5              [down/down]
    unassigned
Serial0/0/0.6              [down/down]
    unassigned
Alternatively, the IPv6 protocol is enabled if the interface configuration command ipv6 address <IPv6 address> or ipv6 enable is present in the configuration. Both may be present, as shown in the vulnerable configuration in the following example shows:-
interface FastEthernet0/1
 ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
 ipv6 enable
A device that is running Cisco IOS Software and that has IPv6 enabled on a physical or logical interface is vulnerable even if ipv6 unicast-routing is globally disabled (that is, the device is not routing IPv6 packets).
To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.
The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team

!--- output truncated
 For Additional information click Here


-News Source (Cisco)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nmap 5.59 BETA1 (With 40 new NSE scripts)

Posted by Avik Sarkar On 7/01/2011 07:55:00 pm



Nmap 5.59 BETA1 released. This version includes 40 new NSE scripts (plus improvements to many others), even more IPv6 goodness than the informal World IPv6 Day release, 7 new NSE protocol libraries and hundreds of bug fixes! This release also expands and improves IPv6 support!

o [NSE] Added 40 scripts, bringing the total to 217!  You can learn
 more about any of them at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + afp-ls: Lists files and their attributes from Apple Filing
   Protocol (AFP) volumes. [Patrik Karlsson]

 + backorifice-brute: Performs brute force password auditing against
   the BackOrifice remote administration (trojan) service. [Gorjan
   Petrovski]

 + backorifice-info: Connects to a BackOrifice service and gathers
   information about the host and the BackOrifice service
   itself. [Gorjan Petrovski]

 + broadcast-avahi-dos: Attempts to discover hosts in the local
   network using the DNS Service Discovery protocol, then tests
   whether each host is vulnerable to the Avahi NULL UDP packet
   denial of service bug (CVE-2011-1002). [Djalal Harouni]

 + broadcast-netbios-master-browser: Attempts to discover master
   browsers and the Windows domains they manage. [Patrik Karlsson]

 + broadcast-novell-locate: Attempts to use the Service Location
   Protocol to discover Novell NetWare Core Protocol (NCP)
   servers. [Patrik Karlsson]

 + creds-summary: Lists all discovered credentials (e.g. from brute
   force and default password checking scripts) at end of scan.
   [Patrik Karlsson]

 + dns-brute: Attempts to enumerate DNS hostnames by brute force
   guessing of common subdomains. [Cirrus]

 + dns-nsec-enum: Attempts to discover target hosts' services using
   the DNS Service Discovery protocol. [Patrik Karlsson]

 + dpap-brute: Performs brute force password auditing against an
   iPhoto Library. [Patrik Karlsson]

 + epmd-info: Connects to Erlang Port Mapper Daemon (epmd) and
   retrieves a list of nodes with their respective port
   numbers. [Toni Ruottu]

 + http-affiliate-id: Grabs affiliate network IDs (e.g. Google
   AdSense or Analytics, Amazon Associates, etc.) from a web
   page. These can be used to identify pages with the same
   owner. [Hani Benhabiles, Daniel Miller]

 + http-barracuda-dir-traversal: Attempts to retrieve the
   configuration settings from a Barracuda Networks Spam & Virus
   Firewall device using the directory traversal vulnerability
   described at
   http://seclists.org/fulldisclosure/2010/Oct/119. [Brendan Coles]

 + http-cakephp-version: Obtains the CakePHP version of a web
   application built with the CakePHP framework by fingerprinting
   default files shipped with the CakePHP framework. [Paulino
   Calderon]

 + http-majordomo2-dir-traversal: Exploits a directory traversal
   vulnerability existing in the Majordomo2 mailing list manager to
   retrieve remote files. (CVE-2011-0049). [Paulino Calderon]

 + http-wp-plugins: Tries to obtain a list of installed WordPress
   plugins by brute force testing for known plugins. [Ange Gutek]

 + ip-geolocation-geobytes: Tries to identify the physical location
   of an IP address using the Geobytes geolocation web service
   (http://www.geobytes.com/iplocator.htm). [Gorjan Petrovski]

 + ip-geolocation-geoplugin: Tries to identify the physical location
   of an IP address using the Geoplugin geolocation web service
   (http://www.geoplugin.com/). [Gorjan Petrovski]

 + ip-geolocation-ipinfodb: Tries to identify the physical location
   of an IP address using the IPInfoDB geolocation web service
   (http://ipinfodb.com/ip_location_api.php). [Gorjan Petrovski]

 + ip-geolocation-maxmind: Tries to identify the physical location of
   an IP address using a Geolocation Maxmind database file (available
   from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski]

 + ldap-novell-getpass: Attempts to retrieve the Novell Universal
   Password for a user. You must already have (and include in script
   arguments) the username and password for an eDirectory server
   administrative account. [Patrik Karlsson]

 + mac-geolocation: Looks up geolocation information for BSSID (MAC)
   addresses of WiFi access points in the Google geolocation
   database. [Gorjan Petrovski]

 + mysql-audit: Audit MySQL database server security configuration
   against parts of the CIS MySQL v1.0.2 benchmark (the engine can
   also be used for other MySQL audits by creating appropriate audit
   files).  [Patrik Karlsson]

 + ncp-enum-users: Retrieves a list of all eDirectory users from the
   Novell NetWare Core Protocol (NCP) service. [Patrik Karlsson]

 + ncp-serverinfo: Retrieves eDirectory server information (OS
   version, server name, mounts, etc.) from the Novell NetWare Core
   Protocol (NCP) service. [Patrik Karlsson]

 + nping-brute: Performs brute force password auditing against an
   Nping Echo service. [Toni Ruottu]

 + omp2-brute: Performs brute force password auditing against the
   OpenVAS manager using OMPv2. [Henri Doreau]

 + omp2-enum-targets: Attempts to retrieve the list of target systems
   and networks from an OpenVAS Manager server. [Henri Doreau]

 + ovs-agent-version: Detects the version of an Oracle OVSAgentServer
   by fingerprinting responses to an HTTP GET request and an XML-RPC
   method call. [David Fifield]

 + quake3-master-getservers: Queries Quake3-style master servers for
   game servers (many games other than Quake 3 use this same
   protocol). [Toni Ruottu]

 + servicetags: Attempts to extract system information (OS, hardware,
   etc.) from the Sun Service Tags service agent (UDP port
   6481). [Matthew Flanagan]

 + sip-brute: Performs brute force password auditing against Session
   Initiation Protocol (SIP -

http://en.wikipedia.org/wiki/Session_Initiation_Protocol)

   accounts.  This protocol is most commonly associated with VoIP
   sessions. [Patrik Karlsson]

 + sip-enum-users: Attempts to enumerate valid SIP user accounts.
   Currently only the SIP server Asterisk is supported. [Patrik
   Karlsson]

 + smb-mbenum: Queries information managed by the Windows Master
   Browser. [Patrik Karlsson]

 + smtp-vuln-cve2010-4344: Checks for and/or exploits a heap overflow
   within versions of Exim prior to version 4.69 (CVE-2010-4344) and
   a privilege escalation vulnerability in Exim 4.72 and prior
   (CVE-2010-4345). [Djalal Harouni]

 + smtp-vuln-cve2011-1720: Checks for a memory corruption in the
   Postfix SMTP server when it uses Cyrus SASL library authentication
   mechanisms (CVE-2011-1720).  This vulnerability can allow denial
   of service and possibly remote code execution. [Djalal Harouni]

 + snmp-ios-config: Attempts to downloads Cisco router IOS
   configuration files using SNMP RW (v1) and display or save
   them. [Vikas Singhal, Patrik Karlsson]

 + ssl-known-key: Checks whether the SSL certificate used by a host
   has a fingerprint that matches an included database of problematic
   keys. [Mak Kolybabi]

 + targets-sniffer: Sniffs the local network for a configurable
   amount of time (10 seconds by default) and prints discovered
   addresses. If the newtargets script argument is set, discovered
   addresses are added to the scan queue. [Nick Nikolaou]

 + xmpp: Connects to an XMPP server (port 5222) and collects server
   information such as supported auth mechanisms, compression methods
   and whether TLS is supported and mandatory. [Vasiliy Kulikov]

o Nmap has long supported IPv6 for basic (connect) port scans, basic
 host discovery, version detection, Nmap Scripting Engine.  This
 release dramatically expands and improves IPv6 support:
 + IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
   etc.) are now supported. [David, Weilin]
 + IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
   discovery packets, etc.) is now supported. [David, Weilin]
 + IPv6 traceroute is now supported [David]
 + IPv6 protocol scan (-sO) is now supported, including creating
   realistic headers for many protocols. [David]
 + IPv6 support to the wsdd, dnssd and upnp NSE libraries. [Daniel
   Miller, Patrik]
 + The --exclude and --excludefile now support IPV6 addresses with
   netmasks.  [Colin]

o Scanme.Nmap.Org (the system anyone is allowed to scan for testing
 purposes) is now dual-stacked (has an IPv6 address as well as IPv4)
 so you can scan it during IPv6 testing.  We also added a DNS record
 for ScanmeV6.nmap.org which is IPv6-only. See
 http://seclists.org/nmap-dev/2011/q2/428. [Fyodor]

o The Nmap.Org website as well as sister sites Insecure.Org,
 SecLists.Org, and SecTools.Org all have working IPv6 addresses now
 (dual stacked). [Fyodor]

o Nmap now determines the filesystem location it is being run from and
 that path is now included early in the search path for data files
 (such as nmap-services).  This reduces the likelihood of needing to
 specify --datadir or getting data files from a different version of
 Nmap installed on the system.  For full details, see
 http://nmap.org/book/data-files-replacing-data-files.html.  Thanks
 to Solar Designer for implementation advice. [David]

o Created a page on our SecWiki for collecting Nmap script ideas! If
 you have a good idea, post it to the incoming section of the page.
 Or if you're in a script writing mood but don't know what to write,
 come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.

o The development pace has greatly increased because Google (again)
 sponsored a 7 full-time college and graduate student programmer
 interns this summer as part of their Summer of Code program!
 Thanks, Google Open Source Department!  We're delighted to introduce
 the team: http://seclists.org/nmap-dev/2011/q2/312

o [NSE] Added 7 new protocol libraries, bringing the total to 66.  You
 can read about them all at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + creds: Handles storage and retrieval of discovered credentials
   (such as passwords discovered by brute force scripts). [Patrik
   Karlsson]

 + ncp: A tiny implementation of Novell Netware Core Protocol
   (NCP). [Patrik Karlsson]

 + omp2: OpenVAS Management Protocol (OMP) version 2 support. [Henri
   Doreau]

 + sip: Supports a limited subset of SIP commands and
   methods. [Patrik Karlsson]

 + smtp: Simple Mail Transfer Protocol (SMTP) operations. [Djalal
   Harouni]

 + srvloc: A relatively small implementation of the Service Location
   Protocol. [Patrik Karlsson]

 + tftp: Implements a minimal TFTP server. It is used in
   snmp-ios-config to obtain router config files.[Patrik Karlsson]

o Improved Nmap's service/version detection database by adding:
 + Apple iPhoto (DPAP) protocol probe [Patrik]
 + Zend Java Bridge probe [Michael Schierl]
 + BackOrifice probe [Gorjan Petrovski]
 + GKrellM probe [Toni Ruotto]
 + Signature improvements for a wide variety of services (we now have
   7,375 signatures)

o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
 found during the scan which share the same hostkey. [Henri Doreau]

o [NSE] Added 300+ new signatures to http-enum which look for admin
 directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, WordPress,
 and more. [Paulino]

o Made the final IP address space assignment update as all available
 IPv4 address blocks have now been allocated to the regional
 registries.  Our random IP generation (-iR) logic now only excludes
 the various reserved blocks.  Thanks to Kris for years of regular
 updates to this function!

o [NSE] Replaced http-trace with a new more effective version. [Paulino]

o Performed some output cleanup work to remove unimportant status
 lines so that it is easier to find the good stuff! [David]

o [Zenmap] now properly kills Nmap scan subprocess when you cancel a
 scan or quit Zenmap on Windows. [Shinnok]

o [NSE] Banned scripts from being in both the "default" and
 "intrusive" categories.  We did this by removing dhcp-discover and
 dns-zone-transfer from the set of scripts run by default (leaving
 them "intrusive"), and reclassifying dns-recursion, ftp-bounce,
 http-open-proxy, and socks-open-proxy as "safe" rather than
 "intrusive" (keeping them in the "default" set).

o [NSE] Added a credential storage library (creds.lua) and modified
 the brute library and scripts to make use of it. [Patrik]

o [Ncat] Created a portable version of ncat.exe that you can just drop
 onto Microsoft Windows systems without having to run any installer
 or copy over extra library files. See the Ncat page
 (http://nmap.org/ncat/) for binary downloads and a link to build
 instructions. [Shinnok]

o Fix a segmentation fault which could occur when running Nmap on
 various Android-based phones.  The problem related to NULL being
 passed to freeaddrinfo(). [David, Vlatko Kosturjak]

o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
 16-byte IPv6 addresses. [David]

o [Ncat] Updated the ca-bundle.crt list of trusted certificate
 authority certificates. [David]

o [NSE] Fixed a bug in the SMB Authentication library which could
 prevent concurrently running scripts with valid credentials from
 logging in. [Chris Woodbury]

o [NSE] Re-worked http-form-brute.nse to better autodetect form
 fields, allow brute force attempts where only the password (no
 username) is needed, follow HTTP redirects, and better detect
 incorrect login attempts. [Patrik, Daniel Miller]

o [Zenmap] Changed the "slow comprehensive scan" profile's NSE script
 selection from "all" to "default or (discovery and safe)"
 categories.  Except for testing and debugging, "--script all" is
 rarely desirable.

o [NSE] Added the stdnse.silent_require method which is used for
 library requires that you know might fail (e.g. "openssl" fails if
 Nmap was compiled without that library).  If these libraries are
 called with silent_require and fail to load, the script will cease
 running but the user won't be presented with ugly failure messages
 as would happen with a normal require. [Patrick Donnelly]

o [Ncat] ncat now listens on both localhost and ::1 when you run ncat
 -l. It works as before if you specify -4 or -6 or a specific
 address. [Colin Rice]

o [Zenmap] Fixed a bug in topology mapper which caused endpoints
 behind firewalls to sometimes show up in the wrong place (see
 http://seclists.org/nmap-dev/2011/q2/733).  [Colin Rice]

o [Zenmap] If you scan a system twice, any open ports from the first
 scan which are closed in the 2nd will be properly marked as
 closed. [Colin Rice].

o [Zenmap] Fixed an error that could cause a crash ("TypeError: an
 integer is required") if a sort column in the ports table was unset.
 [David]

o [Ndiff] Added nmaprun element information (Nmap version, scan date,
 etc.) to the diff.  Also, the Nmap banner with version number and
 data is now only printed if there were other differences in the
 scan. [Daniel Miller, David, Dr. Jesus]

o [NSE] Added nmap.get_interface and nmap.get_interface_info functions
 so scripts can access characteristics of the scanning interface.
 Removed nmap.get_interface_link. [Djalal]

o Fixed an overflow in scan elapsed time display that caused negative
 times to be printed after about 25 days. [Daniel Miller]

o Updated nmap-rpc from the master list, now maintained by IANA.
 [Daniel Miller, David]

o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was
 interpreted as -sn (no port scan). This was reported by
 Shitaneddine. [David]

o [Ndiff] Fixed the Mac OS X packages to use the correct path for
 Python: /usr/bin/python instead of /opt/local/bin/python. The bug
 was reported by Wellington Castello. [David]

o Removed the -sR (RPC scan) option--it is now an alias for -sV
 (version scan), which always does RPC scan when an rpcinfo service
 is detected.

o [NSE] Improved the ms-sql scripts and library in several ways:
 - Improved version detection and server discovery
 - Added support for named pipes, integrated authentication, and
   connecting to instances by name or port
 - Improved script and library stability and documentation.
 [Patrik Karlsson, Chris Woodbury]

o [NSE] Fixed http.validate_options when handling a cookie table.
 [Sebastian Prengel]

o Added a Service Tags UDP probe for port 6481/udp. [David]

o [NSE] Enabled firewalk.nse to automatically find the gateways at
 which probes are dropped and fixed various bugs. [Henri Doreau]

o [Zenmap] Worked around a pycairo bug that prevented saving the
 topology graphic as PNG on Windows: "Error Saving Snapshot:
 Surface.write_to_png takes one argument which must be a filename
 (str), file object, or a file-like object which has a 'write' method
 (like StringIO)". The problem was reported by Alex Kah. [David]

o The -V and --version options now show the platform Nmap was compiled
 on, which features are compiled in, the version numbers of libraries
 it is linked against, and whether the libraries are the ones that
 come with Nmap or the operating system.  [Ambarisha B., David]

o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre
 from netVigilance.

o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor]

o [NSE] Added a shortport.ssl function which can be used as a script
 portrule to match SSL services.  It is similar in concept to our
 existing shortport.http. [David]

o Set up the RPM build to use the compat-glibc and compat-gcc-34-c++
 packages (on CentOS 5.3) to resolve a report of Nmap failing to run
 on old versions of Glibc. [David]

o We no longer support Nmap on versions of Windows earlier than XP
 SP2.  Even Microsoft no longer supports Windows versions that old.
 But if you must use Nmap on such systems anyway, please see

https://secwiki.org/w/Nmap_On_Old_Windows_Releases.

o There were hundreds of other little bug fixes and improvements
 (especially to NSE scripts).  See the SVN logs for revisions 22,274
 through 24,460 for details.

To Download Nmap 5.59 BETA 1 Click HERE

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

CISCO said IOS XR Software is Vulnerable

Posted by Avik Sarkar On 5/28/2011 02:25:00 pm



Cisco (NSDQ:CSCO) this week issued several new security advisories related to its content delivery system Internet streamer, Web management interfaces, IOS XR software platform and XR 12000 series shared port adapters. The updates, dated May 25, are the most recent batch from Cisco since warning users of vulnerabilities in its Unified Communications Manager and wireless LAN controllers in late April. The updates detail several new vulnerabilities. According to Cisco, the Cisco Internet Streamer application, which is part of Cisco's Content Delivery System, has a vulnerability in its Web server component that causes the Web server to crash when processing specially crafted URLs. Cisco has issued a free software update to address it; workarounds are not available. The vulnerability affects system software version 2.5.7 or later on Cisco's Internet Streamer application. Cisco also disclosed vulnerabilities in its RVS4000 four-port Gigabit Security Routers and WRVS4400N Wireless-N Gigabit security routers which, according to Cisco, have "several Web interface vulnerabilities that can be exploited by a remote, unauthenticated user." Cisco released software to address each; affected lines are the Cisco RVS4000 Gigabit Security Router v1 and v2 and the Cisco WRVS4400N Wireless-N Gigabit Security Routers v1, v1.1 and v2. Cisco noted that both v1 and v1.1 of the WRVS4400N routers previously were made end-of-life and the company will not be making further firmware updates to either. Also disclosed this week were vulnerabilities to Cisco IOS XR Software releases 3.8.3, 3.8.4 and 3.9.1, whereby an unauthenticated, remote user can trigger vulnerabilities by sending specific IPv4 packets to or through an affected device. Doing so, Cisco noted, could cause the NetIO process to restart and could prompt the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS) or a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router to reload. Cisco is releasing free Software Maintenance Units to address the problems, which affect any device running those versions of Cisco IOS XR Software with an IPv4 address configured on an interface of a Cisco Line Card or Cisco CRS MSC. There are more headaches for Cisco IOS XR Software, Cisco said, specifically versions 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2 and 4.1.0. All are affected by a vulnerability in which an unauthenticated, remote user could trigger a reload of a Shared Port Adapters (SPA) interface processor by sending specific IPv4 packets to an affected device. As in the previous advisory, Cisco released free Software Maintenance Units. The vulnerability affects any device running the aforementioned Cisco IOS XR releases with an SPA interface processor installed. The last of Cisco's May 25 updates is a Denial of Service (DoS) vulnerability found in Cisco IOS XR Software in the SSH application, specifically when SSH version 1 is used. The vulnerability, according to Cisco, is a result of unremoved sshd_lock files that consume all available space in the /tmp filesystem. Cisco has released free software updates to address the issue, which affects all unfixed versions of Cisco IOS XR Software devices configured to accept SSHv1 connections.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

ICASI Publishes Standardized Framework for Reporting IT System Vulnerabilities : CVRF Version 1.0

Posted by Avik Sarkar On 5/18/2011 01:05:00 pm




The Industry Consortium for Advancement of Security on the Internet (ICASI), a nonprofit association dedicated to enhancing global IT security by proactively driving excellence and innovation in security response, today announced the publication of its Common Vulnerability Reporting Framework (CVRF) Version 1.0.     

CVRF is an XML-based framework that enables stakeholders across different organizations to share critical vulnerability-related information in an open and common machine-readable format. This format replaces the myriad of current nonstandard reporting formats, thus speeding up information exchange and processing. CVRF is available to the public free of charge, along with additional information, at ICASI.org/cvrf.
"CVRF represents a true milestone in industry efforts to raise and broaden awareness of security vulnerabilities," said Linda Betz, president of ICASI and director of IT Policy and Information Security at IBM. "With the use of CVRF, the producers of vulnerability reports will benefit from faster and more standardized reporting. End users will be able to find, process and act upon relevant information more quickly and easily, with a higher level of confidence that the information is accurate and comprehensive. Consumers will ultimately benefit with safer systems and applications."
Although the computer security community has made significant progress in several other areas in recent years, including categorizing and ranking the severity of vulnerabilities in information systems, there has been no standard framework for creating vulnerability report documentation. Methods such as embedding security metric and vulnerability data inside response reports are all vendor-specific, non-standard and time consuming to decipher manually.
Through its CVRF Project, ICASI undertook to remedy this lack of standardization, using the Internet Engineering Task Force (IETF) draft Incident Object Description Exchange Format (IODEF) as a starting point. The project team – including contributors from ICASI Founding Members Cisco Systems, Intel Corporation, International Business Machines, Juniper Networks, Microsoft Corporation and Nokia, along with representatives from Oracle and Red Hat – also surveyed enterprise users about similarities and differences in current vulnerability reporting, asking them what future reporting methods should address. The team then expanded existing security documentation formats and integrated a best-of-breed solution into a common, open XML-based framework ‒ CVRF ‒ that brings consolidation and consistency to the security vulnerability documentation space, and is expected to grow organically among stakeholders.
The XML-based framework of CVRF predefines a large number of fields, with extensibility and robustness in mind. These fields are consistent in naming and data type, so that any organization that adopts and understands CVRF can easily produce documents or read the ones that another CVRF-equipped organization has produced. Independent discoverers of bugs, large vendors, security coordinators and end users of security response efforts worldwide can all write CVRF documents to share critical vulnerability-related information. Widespread use of CVRF will accelerate information dissemination and exchange and incident resolution as a result.
ICASI's intention is that CVRF be a living framework that will be enhanced and revised as necessary. ICASI plans to continue supporting CVRF to ensure that it will remain both stable and free for use by all. Implementers are encouraged to submit their suggestions for improvements to contactcvrf@memberws.org.     

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Going Mobile: Security in the Age of Ubiquity

Posted by Avik Sarkar On 5/11/2011 11:19:00 pm



This isn’t an official rant, but there’s one thing that drives me completely insane.  It’s a link in a message in my email.
As you might imagine, there are many touch points running a $2 billion security business. A lot of that gets manifested in Web-based applications that get issued for everything that happens within the organization: ordering prototype equipment, managing travel, hiring, and promotions. All of these apps generate an email. Any given day, I get 20 of these emails, and I have to respond to every one of them.
While all that’s expected is a review of the data and a simple click for approval, I’m often traveling and mostly working on a traditional email-only device, and so this simple task is impossible. Within a few hours these requests pile up and everyone’s freaking out, “Tom, you didn’t approve this yet?” My solution: I call my admin and go over each one of these decisions on the phone, often at odd hours. It’s ridiculous.
I find myself fantasizing about the ability to have just one device that I hold in my hand that allows me make all the important decisions I have to make every five minutes. Back to reality: I log onto my laptop, boot up, find a hot spot, launch the VPN, generate a token, connect, sync my mail, find the link, and then comes the magic “click.” Or I wake up my executive assistant.
Why the trouble? Simple: the enterprise needs to have security.  But this security blanket must extend beyond traditional corporate PCs to include the new consumer end point as well. A new study by Deloitte shows that companies will buy more than 10 million tablet computers this year and that for the first time, sales of personal computers will represent less than half of the total computing device market. And yet, for many of us, today the security blanket doesn’t cover the device du jour.  It needs to.  In a new world of myriad mobile devices, cloud-based apps and increasing rich media, we need to rethink security. Three major trends sweeping through the enterprise—the rapid rise of the consumerized end point , the adoption of cloud computing, and growing use of high definition video conferencing —are transforming business and demanding a fundamental shift in how security is developed and deployed. 
It’s time for a change. Security was developed when the enterprise network was relatively static and the Internet experience was totally different. Users came to work and sat at a desk that had a PC that rarely moved. It was connected by a wire to a port in the wall and it had a controlled set of software—the “corporate image,” which included security scanning and configuration.  This corporate end point was one of the primary places that security was enforced. The other place security was injected was at the edge of the corporate network.  Branch and remote traffic was backhauled to a small number of egress points where the corporate network met the Internet. Known as the DMZ, this is the place where network security traditionally resides: firewalls, IPS systems, Web and email gateways.
But today, as we work in a more distributed, mobile and cloud-oriented world, this traditional “hub and spoke” model of the network no longer makes sense. A vast array of consumer devices have flooded into the enterprise and blown the end point into a million pieces.  Furthermore, DMZ is becoming less relevant because the Internet touches the network in thousands of places, not ones or tens of places.
Additionally, companies engage in increasingly complex business relationships with contractors, partners, and suppliers, and often the number of non-traditional employees that need to access corporate assets exceeds the number of employees that need access! A new era of mobile computing and the modern, global, outsourced business has yielded a dynamic, uncontrolled, highly mobile user community.  And it’s not just users that are on the move, but corporate data is as well.  With the rapid onset of data center virtualization, cloud computing, and SaaS, it’s getting quite difficult for the IT team to point a finger and say, “my data resides here.”   
We need a new architecture to provide security in this type of world. Security solutions based on physical infrastructure, and policy expressed in terms of a particular device, the corporate PC, an IP address, network port, or application protocol are becoming useless in a mobile, borderless world. The new security architecture needs to have higher-level constructs so that a policy can be expressed in terms of the who, what, where, when, and how of security as opposed to the IP address. It needs to be separated from the physical infrastructure underneath it and instead, have security flow through it. And, it needs to be highly distributed so it can be deployed in hundreds of locations around the world—wherever the borderless enterprise touches the unwashed Internet.
The security architecture of tomorrow is no longer at the beginning or the end. It’s in the middle; it’s everywhere. In the future, security is a fabric that permeates the network, both within the corporate WAN and in the public cloud.
The good news for me is that within Cisco we have deployed our next gen security system.  “Eating our own caviar” as John Chambers likes to say.  So now I can read my email on my iPhone, and with our secure mobility solution, I can just click right through to my enterprise apps and approve away.  Huzzah!

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search