@RISK: The Consensus Security Vulnerability Alert

Volume: X, Issue: 7
February 11, 2011

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Summary of Updates and Vulnerabilities in this Consensus

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   6 (#2)
    Microsoft Office                          1
    Other Microsoft Products                  3
    Third Party Windows Apps                  1
    HP-UX                                     1
    Novell                                    1
    Cross Platform                            21 (#1,#3,#4)
    Web Application - Cross Site Scripting    3
    Network Device                            2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
HP-UX
Novell
Cross Platform
Web Application - Cross Site Scripting
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

Widely Deployed Software
  • (2) HIGH: Microsoft Office Multiple Vulnerabilities
  • Affected:
    • Microsoft Excel 2007
    • Microsoft PowerPoint 2007
  • Description: Microsoft has coordinated the public disclosure of multiple security vulnerabilities in Microsoft Office. It is probable that these have been silently patched by Microsoft, but the author was unable to obtain this information. The vulnerabilities are all due to parsing Microsoft Office files incorrectly; as such, they require the attacker to entice the target to view a malicious file in order to exploit them. In this way, an attacker can execute arbitrary code on the target's machine. The first flaw exists because Excel trusts a user-provided function pointer. The second flaw exists because, in the process of attempting to display an error regarding a malformed Office Art record, Excel accesses a method in the malformed record. The third flaw, a buffer overflow, exists because of an error in the code responsible for copying attacker-controlled data into a fixed-length buffer. The fourth is a use-after-free vulnerability in the code responsible for parsing office drawings. And the last is due to PowerPoint accessing a non-existent method when deleting an object in an Office Art container.

  • Status: vendor confirmed, updates available

  • References:

  • (3) HIGH: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
  • Affected:
    • Real Networks RealPlayer 1.0 - 1.1.5
    • Real Networks RealPlayer 11.0 - 11.1
    • Real Networks RealPlayer Enterprise 2.0 - 2.1.4
    • Real Networks RealPlayer 14.0.0 - 14.0.1
  • Description: Real Networks has released a patch for Real Player, its cross-platform multimedia player. Real Player uses temporary files to store internal information about media files it is playing. Because these files are saved with predictable file names, an attacker can guess the names and cause Real Player to parse the files and execute attacker-controlled code. An attacker must entice a target to view a malicious file in order to exploit this vulnerability.

  • Status: vendor confirmed, updates available

  • References:

  • (4) MEDIUM: Google Chrome Multiple Security Vulnerabilities
  • Affected:
    • Google Chrome prior to 9.0.597.84
  • Description: Google has released a patch for its web browser, Google Chrome, addressing multiple security vulnerabilities. The flaws include an unspecified race condition in audio handling, an unspecified crash when printing PDFs, and an unspecified use-after-free condition in image loading. The severity of these vulnerabilities has been rated "High" by Google, which, together with the nature of the vulnerabilities, suggests that they may be exploitable for code execution. Based on their description, it is likely that an attacker would have to entice a target to view a malicious page in order to exploit these vulnerabilities for code execution.

  • Status: vendor confirmed, updates available

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 7, 2011

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10911 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 11.7.1 - CVE: CVE-2011-0033
  • Platform: Windows
  • Title: Microsoft Windows OpenType Compact Font Format Remote Code Execution
  • Description: OpenType is a font format developed by Microsoft and Adobe. Microsoft Windows is exposed to a remote code execution issue that affects the Compact Font Format (CFF) driver. Specifically, this issue occurs because the driver fails to validate values read in from specially crafted OpenType fonts.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-007.mspx

  • 11.7.2 - CVE: CVE-2011-0045
  • Platform: Windows
  • Title: Microsoft Windows Kernel Integer Truncation Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs because of the way the Windows kernel allocates memory when reading user-supplied data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-011.mspx

  • 11.7.3 - CVE: CVE-2011-0039
  • Platform: Windows
  • Title: Microsoft Windows LSASS Length Validation Local Privilege Escalation
  • Description: Microsoft Windows Local Security Authority Subsystem Service (LSASS) is a security mechanism that handles local security and login policies. LSASS is exposed to a local privilege escalation issue because the application fails to properly validate the length of specially crafted authentication requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-014.mspx

  • 11.7.4 - CVE: CVE-2011-0086, CVE-2011-0087, CVE-2011-0089, CVE-2011-0090, CVE-2011-0088
  • Platform: Windows
  • Title: Microsoft Windows Kernel Local Privilege Escalation Issue
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel "Win32k.sys" kernel mode device driver. The problem occurs because the driver fails to properly validate user-supplied input passed to kernel mode from user mode.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-012.mspx

  • 11.7.5 - CVE: CVE-2011-0043, CVE-2011-0091
  • Platform: Windows
  • Title: Microsoft Windows Kerberos Unkeyed Checksum Local Privilege Escalation
  • Description: Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. The Microsoft Windows implementation of Kerberos is exposed to a local privilege escalation issue that occurs because the application supports a weak hashing mechanism such as CRC32.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-013.mspx

  • 11.7.6 - CVE: CVE-2011-0031
  • Platform: Windows
  • Title: Microsoft VBScript and JScript Scripting Engines Information Disclosure
  • Description: VBScript and JScript are scripting engines for Microsoft Windows. Microsoft VBScript and JScript scripting engines are exposed to an information disclosure issue caused by a memory corruption error when processing scripts in webpages.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-009.mspx

  • 11.7.7 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Excel Invalid Object Type Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Microsoft Excel is exposed to a remote code execution issue because of an invalid object type. This vulnerability occurs when parsing an Office art object to a linked list.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-040/

  • 11.7.8 - CVE: CVE-2011-0036
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows platforms. Microsoft Internet Explorer is exposed to a remote code execution issue that occurs when the application attempts to access an object that is uninitialized or has been deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx

  • 11.7.9 - CVE: CVE-2011-0092, CVE-2011-0093
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Object Memory Corruption Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. Specifically, the software fails to properly validate objects in memory when parsing specially crafted Visio files.
  • Ref: http://www.securityfocus.com/archive/1/516274

  • 11.7.10 - CVE: CVE-2011-0040
  • Platform: Other Microsoft Products
  • Title: Microsoft Active Directory Service Principal Names Denial Of Service
  • Description: Microsoft Active Directory is an LDAP (Lightweight Directory Access Protocol) implementation distributed with multiple Windows operating systems. The application is exposed to a denial of service issue that occurs due to improper validation of service principal names (SPN), which could result in SPN collisions.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-005.mspx

  • 11.7.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Media Player Classic "iacenc.dll" DLL Loading Arbitrary Code Execution
  • Description: Media Player Classic is a multimedia playback application for Microsoft Windows operating systems. The application is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "iacenc.dll" Dynamic Link Library file in the current working directory. Media Player Classic version 6.4.9.1 is affected.
  • Ref: http://www.microsoft.com/technet/security/advisory/2269637.mspx

  • 11.7.12 - CVE: CVE-2010-4435
  • Platform: HP-UX
  • Title: HP-UX "rpc.cmsd" Calendar Manager Daemon Remote Buffer Overflow
  • Description: HP-UX is a UNIX based operating system. The Calendar Manager Service daemon is a Remote Procedure Call (RPC) application used to manage schedules and calendars. HP-UX is exposed to a remote buffer overflow issue that occurs in the CDE Calendar Manager service.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395

  • 11.7.13 - CVE: CVE-2010-4327
  • Platform: Novell
  • Title: Novell eDirectory Server NCP Requests Denial of Service
  • Description: Novell eDirectory is a directory service that is used to centrally manage computer resources on a network. Novell eDirectory is exposed to a denial of service issue that affects the Server's NCP implementation which binds to TCP Port 524 by default.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-060/

  • 11.7.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AOL Desktop 9.6 ".rtx" File Remote Buffer Overflow
  • Description: AOL Desktop 9.6 is an application that provides all-in-one AOL software. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/bid/46129

  • 11.7.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome prior to 9.0.597.84 Multiple Security Vulnerabilities
  • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple issues. Attackers may exploit these issues to execute arbitrary code in the context of the browser or cause denial of service conditions. Chrome versions prior to 9.0.597.84 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html

  • 11.7.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BMC PATROL Agent Service Daemon "BGS_MULTIPLE_READS" Command Remote Code Execution
  • Description: BMC Patrol is an application for monitoring and managing systems remotely. Patrol Agent is the central component of the Patrol architecture. BMC Patrol Agent is exposed to a remote code execution issue in the service daemon. Specifically, the issue occurs due to improper processing of the "BGS_MULTIPLE_READS" commands.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-039/

  • 11.7.17 - CVE: CVE-2011-0539
  • Platform: Cross Platform
  • Title: OpenSSH Legacy Certificate Signing Information Disclosure
  • Description: OpenSSH (OpenBSD Secure Shell) is software that provides encrypted communications through the SSH protocol. OpenSSH is exposed to an information disclosure issue that occurs because of an uninitialized variable in the "key_certify()" function of the "/src/usr/bin/ssh/key.c" source file when generating a legacy certificate using the "-t" option. OpenSSH versions prior to 5.8 are affected.
  • Ref: http://www.openssh.com/txt/legacy-cert.adv

  • 11.7.18 - CVE: CVE-2011-0538
  • Platform: Cross Platform
  • Title: Wireshark ".pcap" File Memory Corruption
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. The application is exposed to a memory corruption issue that occurs when handling a ".pcap" file.
  • Ref: http://www.securityfocus.com/bid/46167

  • 11.7.19 - CVE: CVE-2011-0755, CVE-2011-0754, CVE-2011-0753
  • Platform: Cross Platform
  • Title: PHP prior to 5.3.4 Multiple Vulnerabilities
  • Description: PHP is a general purpose scripting language that is suited for web development and can be embedded into HTML. PHP is exposed to multiple issues. 1) A remote memory corruption issue because of a race condition in the PCNTL extension. 2) A security bypass issue exists in the "SplFileInfo::getType()" function of the Standard PHP Library (SPL) extension. 3) An integer overflow issue exists in the "mt_rand()" function. PHP versions prior to 5.3.4 are affected.
  • Ref: http://bugs.php.net/46587

  • 11.7.20 - CVE: CVE-2010-3718
  • Platform: Cross Platform
  • Title: Apache Tomcat SecurityManager Security Bypass
  • Description: Apache Tomcat is an HTTP server application. Apache Tomcat is exposed to a security bypass issue that occurs in SecurityManager because access to the "ServletContext" attribute is not properly restricted. Apache Tomcat versions prior to 7.0.4, 6.0.30, and 5.5.30 are affected.
  • Ref: http://tomcat.apache.org/security-7.html

  • 11.7.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ProFTPD "mod_sftp" Module Integer Overflow
  • Description: ProFTPD is an FTP server that is available for UNIX and Linux platforms. "mod_sftp" is a module for ProFTPD that is used for implementing the SSH2 protocol and it is an SFTP subsystem. The application is exposed to an integer overflow issue because the software fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/bid/46183


  • 11.7.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Informix Dynamic Server Oninit Remote Code Execution
  • Description: IBM Informix Dynamic Server is an application server that runs on various platforms. IBM Informix Dynamic Server is exposed to a remote code execution issue because the application fails to adequately sanitize user-supplied arguments to the "USELASTCOMMITTED" option in an SQL query.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-050/

  • 11.7.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Data Protector Multiple Remote Code Execution Vulnerabilities
  • Description: HP Data Protector is a commercial data-management product for backup and recovery operations. The application is exposed to multiple remote code execution issues that affect the Cell Manager and Client components. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-054/

  • 11.7.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Domino "nLDAP.exe" Remote Buffer Overflow
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-047/

  • 11.7.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Notes "cai://" URI Handler Remote Code Execution
  • Description: IBM Lotus Notes is an integrated desktop client. IBM Lotus Notes is exposed to a remote code execution issue because it fails to properly sanitize input. Specifically, the "cai://" protocol handler fails to handle malformed strings passed through the "--launcher.library" argument.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-051/

  • 11.7.27 - CVE: CVE-2011-0647
  • Platform: Cross Platform
  • Title: EMC Replication Manager Client Control Service Remote Code Execution
  • Description: EMC Replication Manager Client is software for replicating application data. The application's control service, "irccd.exe", listens by default on TCP port 6542 for an XML-based network protocol. The service will accept a "RunProgram" message. By supplying a specially crafted payload along with "RunProgram" commands, a remote attacker can execute arbitrary code in the context of the user running the application.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-11-061/

  • 11.7.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Check Point Endpoint Security Products Information Disclosure Vulnerabilities
  • Description: Multiple Check Point endpoint security products are exposed to multiple information disclosure issues that affect multiple scripts. Attackers can exploit these issues to harvest sensitive information that may lead to further attacks.
  • Ref: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk57881

  • 11.7.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Buffer Overflow
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. IBM Lotus Domino is exposed to a remote buffer overflow issue that affects the SMTP service when processing specially crafted email messages.
  • Ref: http://www.securityfocus.com/bid/46245

  • 11.7.30 - CVE: CVE-2011-0355
  • Platform: Cross Platform
  • Title: Cisco Nexus 1000V VEM Denial of Service
  • Description: The Cisco Nexus 1000V VEM is a virtual switch for ESX and ESXi. The application is exposed to a denial of service issue that occurs while processing 802.1Q tagged packets. The issue can be triggered when a virtual machine sends a packet on a vEthernet port.
  • Ref: http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4/release/notes/n1000v_rn.html

  • 11.7.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WordPress Prior to 3.0.5 Multiple Security Vulnerabilities
  • Description: WordPress is a web-based blogging application. WordPress is exposed to multiple security issues. 1) A cross-site scripting issue exists because it fails to sufficiently sanitize user-supplied data to the "title" field of the "Quick/Bulk Edit" section and the "tags meta box" section. 2) An information disclosure issue exists. WordPress versions prior to 3.0.5 are affected.
  • Ref: http://codex.wordpress.org/Version_3.0.5

  • 11.7.32 - CVE: CVE-2011-0277
  • Platform: Cross Platform
  • Title: HP Power Manager Unspecified Cross Site Request Forgery
  • Description: HP Power Manager is a power management application. HP Power Manager is exposed to an unspecified cross-site request forgery issue.
  • Ref: http://www.securityfocus.com/bid/46258

  • 11.7.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AoA DVD Creator and MP4 Converter "InitLicenKeys()" ActiveX Control Buffer Overflow
  • Description: AoA DVD Creator is a DVD creation application. AoA MP4 Converter allows users to create MP4 media files. AoA DVD Creator and MP4 Converter are exposed to a buffer overflow issue because the applications fail to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/bid/46260

  • 11.7.34 - CVE: CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0564, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0568, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592,
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader for Windows Multiple Issues
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Acrobat and Reader are exposed to multiple issues. Adobe Reader and Acrobat versions prior to 9.4.2 and 10.0.1 are affected. For more information, please refer to the link below.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb11-03.html

  • 11.7.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Rational Build Forge "fullcontrol/" Cross Site Scripting
  • Description: IBM Rational Build Forge is an adaptive process execution framework. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "fullcontrol/" script. IBM Rational Build Forge version 7.02 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM05187

  • 11.7.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Firebook "index.html" Cross Site Scripting
  • Description: Firebook is a Perl-based guest-book script. Firebook is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "index.html" script.
  • Ref: http://www.securityfocus.com/bid/46143

  • 11.7.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpBB Unspecified Cross Site Scripting
  • Description: phpBB is a PHP-based bulletin-board application. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. phpBB versions prior to 3.0.8 are affected.
  • Ref: http://www.phpbb.com/support/documents.php?mode=changelog&version=3#v307-PL1

  • 11.7.38 - CVE: CVE-2011-0354
  • Platform: Network Device
  • Title: Cisco TANDBERG C Series and E/EX Series Default Credentials Authentication Bypass
  • Description: Cisco Tandberg devices provide Cisco TelePresence endpoints for conference rooms, individual desktops, and home offices. Cisco TANDBERG C Series Endpoints and E/EX Series Personal Video devices are exposed to a remote authentication bypass issue that occurs because the root user account is enabled by default with no password.
  • Ref: http://www.kb.cert.org/vuls/id/436854

  • 11.7.39 - CVE: Not Available
  • Platform: Network Device
  • Title: SMC Networks SMCD3G Session Management Authentication Bypass
  • Description: SMCD3G is a DOCSIS gateway. The device is exposed to a remote authentication bypass issue that occurs in the session management because the device uses predictable session IDs.
  • Ref: https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

(c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.