Stop blaming us

Occasionally, I see articles like this.

Hackers don’t, as a rule, need to go to such lengths to crack passwords. That’s because most of us fail to follow good security habits. A recent article on PhysOrg cites a study that found people are the weak link in computer security.

This is silly. People don’t need to “follow good security habits” unless they have “security” somewhere in their title. Security is a means to an end, and not the target. The target is to get the job done (or surf the web, or read your emails).

Saying this is not just silly – it’s also dangerous. When experts say “people are the weakest link in computer security”, they remove all responsibility from the security industry to make security better, and easier, for users. Why work on preventing brute-force attacks on passwords? Instead let’s force our users to choose a 10-character password including at least 1 number and 1 letter of each case. Oh, and let’s prevent those walking security hazards from saving the password in the browser on their malware-infested machines. Yeah, that’ll teach them. The article over at discovery.com suggests I use e$4WruX7 as a password – a most helpful piece of advice if I ever saw one. Here’s a better suggestion for you Jonathan: have the system lock out for 24 hours after 3 failed tries. That will make guessing a simple 6 digit-only PIN take more than 450 years.

Enough with this. Users are not the weakest link any more than drivers are the weakest link in driving accidents. Sure, if we remove users (or drivers) from the equation, that solves all our problems. But since we can’t do that, let’s focus on making seat belts, and airbags, and warning systems. Or easier (not harder!) password systems, better protected servers and better user interfaces.
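The lockout rule suggested above (3 failed tries, then 24 hours locked), as an added example that is not code from the original post: a per-account guard, a constructed run that hammers one account, and the arithmetic behind the 450-year figure. The names LockoutGuard, AccountState, evaluated_guesses and years_to_guess, and the account name "alice", are assumptions made for the illustration.

```python
from dataclasses import dataclass

MAX_FAILS = 3                    # failed tries before lockout (from the post)
LOCKOUT_SECONDS = 24 * 3600      # lockout length (from the post)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


@dataclass
class AccountState:
    fails: int = 0
    locked_until: float = 0.0


class LockoutGuard:
    """Per-account failed-login counter; the caller supplies the clock."""

    def __init__(self, max_fails=MAX_FAILS, lockout=LOCKOUT_SECONDS):
        self.max_fails = max_fails
        self.lockout = lockout
        self.accounts = {}

    def attempt(self, account, pin_ok, now):
        """Return 'ok', 'denied' or 'locked' for one attempt at time `now`."""
        state = self.accounts.setdefault(account, AccountState())
        if now < state.locked_until:
            return "locked"      # the guess is not evaluated at all
        if pin_ok:
            state.fails = 0
            return "ok"
        state.fails += 1
        if state.fails >= self.max_fails:
            state.fails = 0
            state.locked_until = now + self.lockout
        return "denied"


def evaluated_guesses(guard, days, interval=60):
    """Count the wrong guesses the guard actually evaluates when one account
    is tried every `interval` seconds for `days` days (constructed scenario)."""
    evaluated = 0
    for now in range(0, days * 24 * 3600, interval):
        if guard.attempt("alice", pin_ok=False, now=now) == "denied":
            evaluated += 1
    return evaluated


def years_to_guess(keyspace, tries=MAX_FAILS, window=LOCKOUT_SECONDS):
    """Return (average, worst-case) years to find one value in `keyspace`
    when only `tries` guesses are evaluated per `window` seconds."""
    worst = keyspace / tries * window / SECONDS_PER_YEAR
    return worst / 2, worst


if __name__ == "__main__":
    print("guesses evaluated in 10 days:", evaluated_guesses(LockoutGuard(), 10))
    avg, worst = years_to_guess(10 ** 6)
    print(f"6-digit PIN: about {avg:.0f} years on average, {worst:.0f} worst case")
```

The guard counts per account, so it bounds guessing against one account only, and a lockout this long also keeps the legitimate owner out while it lasts.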


How to analyze timeline of 9/11 attacks – read pager traffic from N.Y. and Washington

Wikileaks has released hundreds of thousands of pager messages from 11th September, 2001.

Link: 911.wikileaks.org/

The listings say that the messages were sent over the networks of Arch Wireless, Metrocall, and SkyTel.


Heathrow calling

Here’s a weird spam I got last night:

Hello

The route taken through Customs is mainly determined by your point of departure and whether you are bringing into the country more duty payable goods than your free allowance. For those passengers who have flown in from outside the European Community (EC), their baggage will have a white tag and they must pass through either the Red or Green channel according to the amount of duty free goods they have. Those passengers arriving from countries within the EC should use the Blue channel, and their baggage will have green-edged tag.

As part of our routine check and based on the above, we have a consignment in your name; you are advised to come to the office address below

Customs office
Terminal 3
Heathrow Airport

You are required to come with the following:
1. Your ID
2. Diplomatic Tag either white or green-edge tag.
3. Non Inspection document

Your appointment time is 10am GMT, failure to comply; we will have over the matter to Metropolitan and the FBI. I am the officer in charge of your matter.

Thomas Smith
UK Customs
Heathrow Airport

It’s weird, because it contains no advertisement, and no links. There’s nothing “encoded” in it – it seems to be an old version of this notice.

So why would a spammer waste valuable botnet cycles on sending me the email? The only explanation I could come up with is “a boy who cried wolf” attack. You send this email a few times, and the Bayesian filtering systems train themselves that this is a good email (i.e. “ham”). Most Bayesian spam filtering systems have a loopback mechanism where spam email is used to train the system further, and ham email is used to teach the system what “good” email is. If this email is seen a few times and considered ham, spam filters will accept something similar to it that contains a link. That link can be the spam or phishing attack.

Another guess is that it’s simply used to verify email addresses – you read that a scary Customs agent from Heathrow wants you in his office first thing tomorrow morning, and you quickly reply to ask what it’s about; the spammer (whose reply-to address is different than the “From”) gets a confirmation that your email address is valid, maybe with some more details like your phone number. This is a plausible explanation but it seems like too much hard work just to get some valid email addresses.
Any other guesses?
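The training loop described above, run on a toy presence-based naive Bayes filter so the effect can be measured (an added example, not from the original post; the TinyBayes class, the corpus, the example.test URLs and the 0.2/0.8 auto-learn thresholds are all constructed for the illustration). It scores a link-bearing follow-up before and after the filter auto-learns three copies of a link-free decoy, and again with auto-learning switched off, which is the case where only user-confirmed mail is used for training.

```python
import math
import re
from collections import Counter

# Constructed training mail; example.test is a reserved, non-routable name.
SPAM = [
    "Claim your prize: click http://example.test/win",
    "Verify your account now: http://example.test/login",
    "Cheap pills, click http://example.test/buy",
]
HAM = [
    "Meeting moved to 10am tomorrow, agenda attached",
    "Lunch on Friday at the office?",
    "Your flight itinerary and baggage allowance",
]
# Link-free decoy modelled on the notice above, and a follow-up that adds a link.
DECOY = ("We have a consignment in your name at the customs office, "
         "Heathrow Airport. Bring your ID.")
FOLLOW_UP = DECOY + " Confirm here: http://example.test/form"


class TinyBayes:
    """Presence-based naive Bayes with add-one smoothing (hypothetical toy)."""

    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.seen = {"spam": Counter(), "ham": Counter()}

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z0-9]+", text.lower()))

    def train(self, text, label):
        self.docs[label] += 1
        self.seen[label].update(self.tokens(text))

    def spam_probability(self, text):
        # Sum per-token log likelihood ratios on top of the class prior.
        log_odds = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for tok in self.tokens(text):
            p_spam = (self.seen["spam"][tok] + 1) / (self.docs["spam"] + 2)
            p_ham = (self.seen["ham"][tok] + 1) / (self.docs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))


def deliver(flt, text, autolearn, ham_below=0.2, spam_above=0.8):
    """Score one message; with autolearn on, feed confident verdicts back."""
    p = flt.spam_probability(text)
    if autolearn and p < ham_below:
        flt.train(text, "ham")
    elif autolearn and p > spam_above:
        flt.train(text, "spam")
    return p


def follow_up_scores(autolearn, copies=3):
    """Return the follow-up's spam probability before and after `copies`
    deliveries of the decoy, with or without the auto-learn feedback loop."""
    flt = TinyBayes()
    for msg in SPAM:
        flt.train(msg, "spam")
    for msg in HAM:
        flt.train(msg, "ham")
    before = flt.spam_probability(FOLLOW_UP)
    for _ in range(copies):
        deliver(flt, DECOY, autolearn)
    return before, flt.spam_probability(FOLLOW_UP)


if __name__ == "__main__":
    for mode in (True, False):
        before, after = follow_up_scores(autolearn=mode)
        print(f"autolearn={mode}: follow-up {before:.3f} -> {after:.4f}")
```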


Fuzzing anything that moves

I’m in New Delhi, for the local OWASP Conference (http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009). There’s a really nice lineup (http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Conference) and if you’re in the New Delhi area I highly recommend attending.

I’ll be speaking twice. On Tuesday about blackbox testing. The abstract can be paraphrased from the immortal words of the great fuzzing master Ice-T:

“If you’re from Mars, and you have inputs, we will fuzz you.”

(Look up the original text at http://www.rhapsody.com/body-count/body-count/kkk-bitch/lyrics.html, I guarantee it’s worth it)

On Wednesday I’ll be talking a bit about breaking JSON applications, relying on the great research done by Amit Klein, Blueinfy, Jeremiah Grossman, Fortify, and many others.

If you spot any errors in either of my presentations let me know and I will buy you a beer. This offer does not include anything stupid I say while on a discussion panel…

Is this the laziest 419 of all time?

Posted on November 14th, 2009 by David Harley
Filed under: Commentary

Subject: the sum of 1,000,000.00 Pounds
From: British Tobacco Promo

[Most of the address fields spoofed a US educational institution, though the reply-to was an address in China.]

Message Body:

You have won 1,000,000.00 Reply us with  your  details
Name:Occupation:Country:Sex

[This message is actually several weeks old, but I just spotted it while cleaning up one of my mailboxes. Could any potential victim honestly be that naive?]

David Harley FBCS CITP CISSP
Director of Malware Intelligence, ESET

Also blogging at:
http://dharley.wordpress.com/
http://www.eset.com/threat-center/blog
http://avien.net/blog
http://blog.isc2.org/

HP buys 3COM: how will that impact ZDI?

Posted on November 12th, 2009 by Aviram
Filed under: Commentary, Culture, Full Disclosure

What happens if your job is to sell to customers information about embarrassing vendor vulnerabilities, and then your company gets bought by one of the vendors you are reporting about?

Going back to cheesy analogies this is the age old question, can god create a stone so heavy that he cannot lift?

The case in question is HP buying 3COM (which owns the Zero Day initiative), and as HD Moore correctly pointed out (http://twitter.com/hdmoore/status/5629710613) there’s bound to be some conflict there.
This will be an interesting match to watch. First, the stone is very heavy. Knowing the ZDI team (*) they have been very successful at staying independent inside the huge 3com corporate, and my money would be on them succeeding to do it again.

But when we ask if HP can lift this proverbial stone, let’s remember that HP was the only large vendor to pull out the nuclear weapon of threatening to sue a security researcher (http://news.cnet.com/2100-1023-947325.html?tag=mncol;txt) for making their flaws public. Now it’s a group within their own organization, selling information about unfixed HP flaws (http://www.zerodayinitiative.com/advisories/upcoming/) to paying customers, and paying the same researchers HP wanted to sue 7 years ago.

(*) Full Disclosure: We run an alternative service to ZDI (http://www.beyondsecurity.com/ssd.html) called SecuriTeam Secure Disclosure. That doesn’t take anything from my respect to the ZDI guys and what they’ve been doing.

Is it phish, or is it Amex?

Posted on November 4th, 2009 by p1
Filed under: Commentary, Corporate Security, Culture, Phishing, Privacy, Spam

I am a bit freaked.

Last month I received an email message from American Express. I very nearly deleted it unread: it was obviously phish, right? (I was teaching in Toronto that week, so I had even more reason to turf it unread rather than look at it.)

However, since I do have an Amex card, I decided to at least have a look at it, and possibly try and find some way to send it to them. So I looked at it.

And promptly freaked out.

The phishers had my card number. (Or, at least, the last five digits of it.) They knew the due date of my statement. They knew the balance amount of my last statement.

(The fact that this was all happening while I am away from home wasn’t making me feel any more comfortable with it …)

So I had a look at the headers. And couldn’t find a single thing indicating that this wasn’t from American Express.

(I had paid my bill before I left. Or, at least, I *thought* I had. So I checked my bank. Sure enough, that balance had been paid a couple of days before. However, I guess banks never actually transfer money on the weekend or something …)

A couple of days later I got another message: Amex was telling me that my payment was received. That’s nice of them. They were once again sending, in an unencrypted email message, the last five digits of my card number, and the last balance paid on my account.

Well, I figured that it might have been an experiment, and that they’d probably realize the error of their ways, and I didn’t necessarily need to point this out. Apparently I was wrong on all counts, since I got another reminder message today.

Are these people completely unaware of the existence and risk of phishing? Are they so totally ignorant of online security that they are encouraging their customers to be looking for legitimate email from a financial institution, thus increasing the risk of deception and fraud?

Going to their Website, I notice that there is now an “Account Alerts” function. It may have been there for a while: I don’t know, since I’ve never used it. Since I’ve never used it, I assume it was populated by default when they created it. It seems to, by default, send you a payment due notice a week before the deadline, a payment received notice when payment is received, and a notice when you approach your credit limit. (Fortunately, someone had the good sense not to automatically populate the option that sends you your statement balance every week.) These options may be useful to some people. But they should be options: they shouldn’t be sending a bunch of information about everybody’s account, in the clear, by default.

(There are, of course, “Terms and Conditions” applicable to this service, which basically say, as usual, that Amex isn’t responsible for much of anything, have warned you, and that you take all the risks arising from this function. I find this heavily ironic, since I knew nothing of the service, don’t want it, and got it automatically. I never even knew the “Terms and Conditions” existed, but in order to turn the service off I’ll have to read them.)

(In trying to send a copy of this to Amex, I note that their Website only lists phone and snailmail as contact options, you aren’t supposed to be able to send them email.)

st0rke

Posted on November 4th, 2009 by noam
Filed under: Commentary

I just read the sad news that st0rke (http://bl4cksecurity.blogspot.com/2009/11/str0ke-milworms-funeral-is-this-friday.html), also known as the maintainer and founder of milw0rm has passed away, the problem with this news item is that it is very difficult to judge whether or not it is true, as the source is not “the official news media” you would normally trust.

This of course will not hit CNN, FOX, or any other news agency, and will be posted on, usually, underground mailing list or blog which might or might not have a hidden agenda in respect to giving out such news items.

This is of course not the first time someone was claimed to have died, with only rumours circulating and then finally after some time, it was determined to be true, as their site was no longer being updated, and emails sent to him never got a reply.

If it is in fact true, the story about str0ke, I am saddened to hear it, and I send my condolences to his family, wife and 4 kids.
and Washington',url:'http://blogs.securiteam.com/index.php/archives/1286'}, {title:'Heathrow calling',url:'http://blogs.securiteam.com/index.php/archives/1333'}, {title:'Fuzzing anything that moves',url:'http://blogs.securiteam.com/index.php/archives/1332'}, {title:'Is this the laziest 419 of all time?',url:'http://blogs.securiteam.com/index.php/archives/1331'}, {title:'HP buys 3COM: how will that impact ZDI?',url:'http://blogs.securiteam.com/index.php/archives/1330'}, {title:'Is it phish, or is it Amex?',url:'http://blogs.securiteam.com/index.php/archives/1328'}, {title:'st0rke',url:'http://blogs.securiteam.com/index.php/archives/1327'}, {title:document.title,url:location.href}]; wpa2a.html_done=true;if(wpa2a.script_ready&&!wpa2a.done)wpa2a.init();wpa2a.script_load(); //--></script> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-29522810-1']); _gaq.push(['_setDomainName', 'securiteam.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> </body> </html>