@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 29
July 26, 2004

Those of you who picked this past week for a vacation chose wisely. It was a very light week, providing needed relief after last week.

A question: "What Works In Intrusion Prevention?" If you know the answer, skip the webcast. Otherwise, join us Wednesday, July 28 at 1:00 PM EDT (1700 UTC) where you'll hear from Los Alamos National Laboratory Senior Security Analyst Paul Criscuolo on how the lab found a very effective solution to the Intrusion Prevention problem. You'll even have a chance to ask Paul questions. Gartner just told its clients that intrusion prevention can help them "win the arms race" against hackers. Makes sense to know how.

If you have a SANS portal account, join us at 1:00 PM EDT on Wednesday at http://www.sans.org/webcasts/show.php?webcastid=90514 (if you don't have a portal account, set yours up at portal.sans.org).

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Third-Party Windows Apps    6
    Novell                      1
    Linux/UNIX                  3 (#1, #2, #6)
    OpenVMS                     1 (#7)
    Cross Platform              3
    Web Application             20 (#3, #4, #5)
    Network Device              4

******************** Security Training Update *************************

Featured Security Training Program: SANS Network Security 2004 Las Vegas, NV September 28 - October 6, 2004

The largest training conference in the world with 16 immersion training tracks and a large security exposition. Great courses for security managers and CISOs, for security experts, for auditors, for forensics scientists, and even for those just starting out. And Las Vegas is a great place to visit in the fall. Register soon to get a seat at your choice of courses. http://www.sans.org/ns2004

***********************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Unix
Novell
Cross Platform
Web Application
Network Device

************************** SPONSORED LINKS ***************************

Note: some of these links take you to a non-SANS site.

(1) FREE Download - Take full control of remote access & support security with CrossTec NetOp Remote Control http://www.sans.org/info.php?id=535

(2) Step-by-Step Guides to security, from SANS, on topics from Business Law to hardening Oracle, Linux, Windows and more. https://store.sans.org/store_item.php?item=112

***********************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) LOW: mod_ssl Format String Vulnerability
  • Affected: Apache 1.3.x servers running mod_ssl versions prior to 2.8.19
  • Description: The "mod_ssl" module provides SSL and TLS protocol support for the Apache webserver. This module contains a format string vulnerability in the "ssl_log()" function. The flaw can reportedly be triggered by an HTTP request such as "http://foobar%s.mydomain.com", if the host "foobar%s" exists in the domain "mydomain.com". If the Apache server is configured as a proxy, an attacker may exploit this flaw to possibly execute arbitrary code. Note that the attacker would need to own a domain name and configure a host in that domain with a name containing a format string. The technical details required to leverage the flaw have been posted.

  • Status: Vendor confirmed, upgrade to version 2.8.19. OpenPKG has issued an update for Apache that includes the fixed version of mod_ssl.

  • Council Site Actions: Most council sites are running the Apache software with mod_ssl, but not as a proxy server, thus no action needed on their part. There are three sites running in the affected configuration on a very small number of systems. Two of these sites don't plan any action, as they consider the threat very low. The third site will install the patch during their next regularly scheduled systems update process.

  • References:
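The flaw class described in this item, illustrated as an added example (this is not mod_ssl or Apache code, and the function names are hypothetical): a caller-influenced string reaching a printf-style call as the format argument. The block shows the hardened logging shape, an RFC 1123 hostname check a proxy can apply before logging, and a cheap counter of format directives that a log reviewer can use as a signal.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not mod_ssl or Apache code. The vulnerability class
   arises when a caller-influenced string (here a proxied hostname) reaches
   a printf-style function as the format argument. All names below are
   hypothetical. */

/* Hardened logging: the hostname is always a %s argument, never the format.
   A vulnerable shape would be  snprintf(out, outlen, host);  which would
   interpret any '%' sequence inside host as a conversion directive. */
int log_request_host(char *out, size_t outlen, const char *host)
{
    int n = snprintf(out, outlen, "proxy request for host: %s", host);
    if (n < 0 || (size_t)n >= outlen)
        return -1;               /* truncated or encoding error */
    return n;
}

/* Returns 1 if the hardened path reproduces the host byte-for-byte in the
   log line (so "%s" in the name stays literal text), 0 otherwise. */
int log_line_is_literal(const char *host)
{
    char line[512];
    if (log_request_host(line, sizeof line, host) < 0)
        return 0;
    return strstr(line, host) != NULL;
}

/* Input validation a proxy can apply before any logging or lookup:
   RFC 1123 hostname syntax (labels of letters, digits and '-', joined by
   '.', label length 1..63, total length <= 253). A '%' fails this check. */
int is_valid_hostname(const char *host)
{
    size_t len = strlen(host);
    int label_len = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            /* empty label, or label ending in '-' */
            if (label_len == 0 || host[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (!(isalnum(c) || c == '-'))
            return 0;
        if (label_len == 0 && c == '-')
            return 0;
        if (++label_len > 63)
            return 0;
    }
    return label_len > 0 && host[len - 1] != '-';
}

/* Detection aid: count printf conversion directives in a string. A nonzero
   result for a Host header or request URI is a cheap log-review signal. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {       /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    /* constructed sample hostnames: one benign, one shaped like the
       advisory's example */
    const char *hosts[] = { "www.example.com", "foobar%s.mydomain.com" };
    for (int i = 0; i < 2; i++) {
        char line[512];
        log_request_host(line, sizeof line, hosts[i]);
        printf("%s | valid=%d directives=%d\n", line,
               is_valid_hostname(hosts[i]), count_format_directives(hosts[i]));
    }
    return 0;
}
```

The validation function is the primary mitigation; the directive counter only helps spot names that should never have been resolvable in the first place, since a DNS label cannot legitimately contain '%'.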
Other Software
  • (3) HIGH: Extropia WebStore Remote Command Execution
  • Affected: webstore_cgi script, assumed current version
  • Description: WebStore, a shopping cart software, contains a remote command execution vulnerability. The problem occurs because user input passed to the "webstore_cgi" script's "page" parameter is not properly sanitized. An attacker can exploit this flaw to execute arbitrary commands on the webserver by passing a value to the page parameter containing a "|" (pipe) character. The posting shows how to craft such a malicious request.

  • Status: Vendor not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
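The defensive pattern for this item, as an added example (not WebStore code; function names and the template directory are hypothetical): a strict allowlist on the "page" parameter, applied before the value reaches any file-open or command path, and a path built only from a fixed base directory plus a validated name.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not WebStore code. The issue above is a request
   parameter ("page") that reaches a command or file-open path unchecked,
   so shell metacharacters such as '|' change what gets executed. The
   mitigation is an allowlist on the parameter plus building the target
   path from a fixed directory. Names are hypothetical. */

/* Allowlist check: only letters, digits, '_', '-' and a single '.'
   extension separator; no path separators, no "..", no metacharacters. */
int is_safe_page_name(const char *page)
{
    size_t len = strlen(page);
    int dots = 0;
    if (len == 0 || len > 64 || page[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = page[i];
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
            (c >= '0' && c <= '9') || c == '_' || c == '-')
            continue;
        if (c == '.' && ++dots == 1)
            continue;
        return 0;            /* '|', ';', '/', '\\', space, 2nd '.', ... */
    }
    return 1;
}

/* Build the on-disk path only for validated names, anchored in a fixed
   template directory. Returns 0 on success, -1 if rejected or truncated. */
int build_page_path(char *out, size_t outlen, const char *base, const char *page)
{
    if (!is_safe_page_name(page))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", base, page);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Convenience wrapper: 1 if the page name would be accepted and a path
   built for it, 0 otherwise. The base directory is a constructed value. */
int page_path_accepted(const char *page)
{
    char path[256];
    return build_page_path(path, sizeof path, "/var/www/templates", page) == 0;
}

int main(void)
{
    /* constructed sample parameter values */
    const char *pages[] = { "index.html", "index.html|id", "../etc/passwd" };
    for (int i = 0; i < 3; i++) {
        char path[256];
        int rc = build_page_path(path, sizeof path, "/var/www/templates", pages[i]);
        printf("%-16s -> %s\n", pages[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

Rejecting rather than stripping is deliberate: a value that needs stripping is already evidence of tampering and is worth logging as such, and removal-based filters are easy to get wrong.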
  • (5) MODERATE: Multiple Software Remote File Include Vulnerabilities
  • Affected:
    • BLOG: CMS, a weblog software, versions prior to 3.1.4
    • PunBB, a PHP-based discussion board, versions prior to 1.1.5
    • Nucleus, a weblog software, versions prior to 3.0.1
  • Description: The following open source software packages reportedly contain remote file include vulnerabilities: WebStore, BLOG: CMS, PunBB and Nucleus. These flaws can be exploited by a remote attacker to run arbitrary code on the webserver hosting the vulnerable software package(s). The technical details can be obtained by examining the fixed and the vulnerable versions of the software.

  • Status: Vendor confirmed. Please upgrade to version 3.1.4 of BLOG: CMS, version 3.0.1 of Nucleus or version 1.1.5 of PunBB.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (6) LOW: SCO OpenServer MMDF Vulnerabilities
  • Affected: SCO OpenServer versions 5.0.5, 5.0.6 and 5.0.7
  • Description: SCO OpenServer, a UNIX-based server, contains multiple vulnerabilities in its Multi-channel Memo Distribution Facility (MMDF) software. MMDF is a mail transport agent (MTA) for UNIX systems similar to Sendmail. SCO has reported that the software contains multiple buffer overflows. These overflows may be possibly exploited to execute arbitrary commands with root privileges. No technical details regarding how to trigger the flaws have been released. The vulnerabilities can be exploited locally and possibly remotely (not confirmed).

  • Status: Vendor confirmed. Updated binaries for OpenServer are available.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (7) UPDATE: HP OpenVMS RPC Buffer Overflow
  • Description: @Stake has released an advisory regarding the buffer overflow vulnerability in HP's implementation of the DCE/RPC protocol. This overflow was discussed in the last issue of the @RISK newsletter. @Stake has confirmed that the buffer overflow in the DCE endpoint mapper, which runs on 135/tcp, can be exploited to execute arbitrary code, possibly with root privileges.

  • Council Site Actions: The few council sites that are running the affected software have not changed their initial plans for responding to this vulnerability.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 29, 2004

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3599 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.29.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell BorderManager Remote Denial of Service
  • Description: Novell BorderManager is a Windows based network security tool providing firewall and VPN functionality. It is reported to be vulnerable to a remote denial of service attack. The issue exists due to a failure to handle exceptional network input. BorderManager version 3.8 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/10727/info/

  • 04.29.2 - CVE: CAN-2004-0733
  • Platform: Third Party Windows Apps
  • Title: OllyDbg Debugger Format String Vulnerability
  • Description: OllyDbg is a graphical debugging application for Microsoft Windows. It is vulnerable to a format string attack. When debugging a malicious program with OllyDbg, it is possible to execute arbitrary code in the context of the debugger.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0711.html

  • 04.29.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Norton Antivirus Script Blocker Denial of Service
  • Description: Symantec Norton Antivirus (NAV) is a suite of tools that provide protection from viruses. It has recently been announced that a vulnerability exists that allows for a maliciously crafted script to disable the Script Blocker feature of NAV. All current versions of NAV are reported to be vulnerable to this attack.
  • Ref: http://www.securityfocus.com/archive/82/369077/2004-07-13/2004-07-19/0

  • 04.29.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sysinternals PsTools Remote Unauthorized Access
  • Description: Sysinternals PsTools allow remote administration of Windows machines. PsTools are reportedly vulnerable to an unauthorized access issue. The utilities map the "IPC$" and "ADMIN$" shares during remote administration. However, they fail to disconnect these shares while exiting. Remote attackers can connect to these shares and gain administrative access to the vulnerable host.
  • Ref: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304

  • 04.29.5 - CVE: CAN-2004-0739
  • Platform: Third Party Windows Apps
  • Title: Whisper FTP Surfer Long File Name Remote Buffer Overflow
  • Description: Snapfiles Whisper FTP Surfer is an FTP client for Windows. It has been reported that FTP Surfer is vulnerable to a remote buffer overflow issue. The vulnerability exists in the handling of large filenames, and can result in the execution of arbitrary code. Whisper FTP Surfer version 1.0.7 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/369444

  • 04.29.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PSCS VPOP3 Email Server Denial of Service
  • Description: PSCS VPOP3 is a POP3 and SMTP mail server with webmail services. It is reported to be vulnerable to a remote denial of service issue due to improper sanitization of its "msglisten" parameter. A large value in the "msglisten" parameter will cause a denial of service. VPOP3 version 2.0.0k is reported vulnerable to this issue.
  • Ref: http://members.lycos.co.uk/r34ct/main/Vpop3.txt

  • 04.29.7 - CVE: CAN-2004-0510, CAN-2004-0511, CAN-2004-0512
  • Platform: Unix
  • Title: SCO Multi-channel Memorandum Distribution Facility Vulnerabilities
  • Description: SCO Multi-channel Memorandum Distribution Facility (MMDF) is a mail transport agent (MTA) made up of a number of utilities. Insufficient bounds checking when copying user-specified data exposes multiple buffer overflow issues. All SCO OpenServer versions in the 5.x branch are reported to be affected.
  • Ref: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7/SCOSA-2004.7.txt

  • 04.29.8 - CVE: CAN-2004-0600
  • Platform: Unix
  • Title: Samba SWAT Base64 Decoder Buffer Overflow
  • Description: Samba is a file and printer sharing platform. Part of the Samba toolkit is the Samba Web Administration Tool (SWAT). It has been reported that SWAT is subject to a buffer overflow in its base64 decoding handlers. A remote user could exploit this flaw by passing maliciously crafted authentication information to execute arbitrary code.
  • Ref: http://us1.samba.org/samba/whatsnew/samba-3.0.5.html

  • 04.29.9 - CVE: CAN-2004-0686
  • Platform: Unix
  • Title: Samba Filename Mangling Method Buffer Overrun
  • Description: Samba is reportedly vulnerable to an undisclosed buffer overrun issue. This condition is exposed while handling file name mangling with the "hash" method. This vulnerability is reported to affect Samba versions 3.0.0 and later.
  • Ref: http://www.samba.org/samba/whatsnew/samba-3.0.5.html

  • 04.29.10 - CVE: Not Available
  • Platform: Novell
  • Title: Novell iChain Multiple Unspecified Vulnerabilities
  • Description: Novell iChain Server is a web-based security product designed to implement and maintain various network-based access controls. It is reported to be vulnerable to denial of service and buffer overflow issues. Novell iChain version 2.2 is reported to be vulnerable to these issues.
  • Ref: http://www.net-security.org/advisory.php?id=2096

  • 04.29.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Improper Certificate Verification
  • Description: The Opera Web Browser is reportedly vulnerable to an unspecified certificate verification issue. The browser may allow forged certificates to be used when authenticating connections. Opera versions 7.51 and prior are affected by this issue.
  • Ref: http://www.securityfocus.com/advisories/6965

  • 04.29.12 - CVE: CAN-2004-0735
  • Platform: Cross Platform
  • Title: Medal of Honor Allied Assault Remote Buffer Overflow
  • Description: Medal Of Honor Allied Assault is a computer game that supports network play. Reportedly, both the game server and client fail to perform sufficient boundary checks on network data. This causes a remote buffer overflow condition. All current versions of the game are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/369170

  • 04.29.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates Common Services Denial of Service
  • Description: Computer Associates CS (Common Services) application facilitates application integration and administration of desktops. Insufficient sanitization of a user-supplied URI parameter exposes one denial of service condition. Another denial of service condition is exposed when a large number of simultaneous connections are made to the portal. CS version 1.0 and eTrust Security Command Center version 1.0 are affected.
  • Ref: ftp://ftp.ca.com/CAproducts/unicenter/CCS31/nt/qi52764/QI52764.DB0

  • 04.29.14 - CVE: Not Available
  • Platform: Web Application
  • Title: BoardPower Forum Cross-Site Scripting
  • Description: BoardPower Forum is a web-based bulletin board application. It is reported to be vulnerable to a cross-site scripting issue in its "icq.cgi" script. The problem is due to insufficient sanitization of URL parameters. BoardPower Forum version 2.04 PF is known to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0642.html

  • 04.29.15 - CVE: Not Available
  • Platform: Web Application
  • Title: DNA HelpDesk Problist Script SQL Injection
  • Description: DNA HelpDesk is a web-based customer support help desk application. It is reported to be vulnerable to an SQL injection issue. The issue exists due to improper sanitization of user-supplied input through the "where" parameter of "problist.asp" script. DNA HelpDesk version 1.01 is reported to be vulnerable.
  • Ref: http://secunia.com/advisories/12119/

  • 04.29.16 - CVE: Not Available
  • Platform: Web Application
  • Title: Web+Center Cookie Object SQL Injection
  • Description: Web+Center is a suite of customer support applications. Reportedly, the "Cookie" field in an HTTP request is not sanitized sufficiently before being used to construct SQL queries. This allows for an SQL injection condition that can be used to access or corrupt the backend database. Web+Center version 4.0.1 is affected by this vulnerability.
  • Ref: http://secunia.com/advisories/12121/

  • 04.29.17 - CVE: Not Available
  • Platform: Web Application
  • Title: TeamTrack Remote Authentication Bypass Vulnerability
  • Description: Serena TeamTrack is a web-based team management suite. It has been revealed that TeamTrack is subject to an authentication bypass vulnerability due to insufficient input sanitization. A malicious user can utilize unprotected files to create a contrived login page to trick users into revealing their credential information. TeamTrack versions 6.x are known to be vulnerable.
  • Ref: http://www.securiteam.com/windowsntfocus/5SP0O0ADGG.html

  • 04.29.18 - CVE: CAN-2004-0730
  • Platform: Web Application
  • Title: phpBB faq.php Cross-Site Scripting
  • Description: phpBB is a web forum written in PHP. It has been reported that phpBB is vulnerable to several cross-site scripting issues due to improper sanitization of URL input. phpBB versions 2.0.8 and 2.0.8a are reported to be vulnerable. The vendor has released 2.0.9 to remedy the issue.
  • Ref: http://www.securityfocus.com/archive/1/369054

  • 04.29.19 - CVE: CAN-2004-0738
  • Platform: Web Application
  • Title: Multiple PHPNuke SQL Injection And Cross-Site Scripting
  • Description: PHPNuke is a web-based portal system, implemented in PHP. It is reported to be vulnerable to cross-site scripting and SQL injection issues due to improper sanitization of user-supplied data. These vulnerabilities were reported in version 7.3 of PHPNuke.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-07/0176.html

  • 04.29.20 - CVE: CAN-2004-0734
  • Platform: Web Application
  • Title: eXtropia WebStore Remote Command Execution
  • Description: eXtropia WebStore is a web-based store application. Insufficient sanitization of the "page" URI parameter in its "web_store.cgi" script exposes a remote command execution issue. eXtropia WebStore versions 1.0 and 2.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/369171

  • 04.29.21 - CVE: Not Available
  • Platform: Web Application
  • Title: Kleinanzeigen Script File Include Vulnerability
  • Description: Armedic Webdesign's Kleinanzeigen PHP script is reported to be vulnerable to a remote file include condition. This allows a remote attacker to execute arbitrary PHP scripts on the vulnerable host. This issue occurs due to insufficient sanitization of the data supplied through the "id" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/369357

  • 04.29.22 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Linked Avatar SQL Injection
  • Description: phpBB is a web forum application written in PHP. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of user-supplied input. phpBB versions 2.0.8 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/10740/info/


  • 04.29.24 - CVE: CAN-2004-0737
  • Platform: Web Application
  • Title: PHPNuke Multiple Input Validation Vulnerabilities
  • Description: PHPNuke is a web based portal system. Insufficient sanitization of user-supplied input exposes multiple cross-site scripting and SQL injection issues. PHPNuke versions 7.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/10749/

  • 04.29.25 - CVE: Not Available
  • Platform: Web Application
  • Title: CutePHP Comment HTML Injection Vulnerability
  • Description: CutePHP is a bulletin board system implemented in PHP. It has been reported that CutePHP is subject to an HTML injection attack which could allow cookie-based authentication theft. CutePHP versions 1.3 and 1.3.1 are reported to be vulnerable. CutePHP version 1.3.2 has been released to remedy the issue.
  • Ref: http://www.darkbicho.iberhosting.net/advisory-11.txt

  • 04.29.26 - CVE: Not Available
  • Platform: Web Application
  • Title: PlaySMS Unspecified File Include Vulnerability
  • Description: PlaySMS is an SMS gateway application. It is reported to be vulnerable to a file include issue that allows malicious files containing arbitrary code to be included and executed on the target machine. The issue exists due to improper sanitization of user-supplied input. PlaySMS version 0.6 is reported to be vulnerable; however, prior versions may be affected as well.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=97032&release_id=25340
    2

  • 04.29.27 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Multiple HTTP Response Splitting Vulnerabilities
  • Description: phpBB is a web forum application. phpBB is vulnerable to multiple HTTP response splitting issues due to a flaw in the "privmsg.php" and "login.php" scripts that will allow an attacker to manipulate how "GET" requests are handled. An attacker could modify the behavior of the web server to serve injected information.
  • Ref: http://www.securityfocus.com/bid/10753

  • 04.29.28 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Search.php Cross-Site Scripting Vulnerability
  • Description: phpBB is reportedly vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input. This can be used to steal cookie-based authentication credentials. All current phpBB 2.x versions were reported to be vulnerable.
  • Ref: http://secunia.com/advisories/12114/

  • 04.29.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Outblaze Webmail HTML Injection Vulnerability
  • Description: Outblaze is a web front end for e-mail. It has been announced that Webmail is vulnerable to an HTML injection issue due to improper sanitization of user-supplied input. A malicious user could exploit this vulnerability to steal cookie based authentication credentials or read a user's private e-mail. Current versions of Outblaze Webmail are reported to be vulnerable.
  • Ref: http://www.swp-zone.org/archivos/advisory-09.txt

  • 04.29.30 - CVE: Not Available
  • Platform: Web Application
  • Title: Adam Ismay Print Topic Mod SQL Injection
  • Description: Print Topic Mod is a module for phpBB. It is reported to be vulnerable to an SQL injection issue in the "printview.php" script. The issue exists due to improper sanitization of user-supplied URL parameters. Print Topic Mod version 1.0 is reported to be affected by this issue.
  • Ref: http://www.securityfocus.com/bid/10757/info/

  • 04.29.31 - CVE: Not Available
  • Platform: Web Application
  • Title: Nucleus CMS Remote File Include Vulnerability
  • Description: Nucleus CMS is a web content management application. Nucleus CMS, Blog:CMS and PunBB are vulnerable to a remote file include vulnerability due to insufficient validation of user-supplied data. Blog:CMS version 3.1.4, Nucleus CMS version 3.0.1 and PunBB 1.1.5 were released to fix this issue.
  • Ref: http://forum.blogcms.com/viewtopic.php?id=324

  • 04.29.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Polar Helpdesk System Bypass
  • Description: Polar Helpdesk is a web-based support center. It has been reported that malicious users can modify the "UserID" and "UserType" values in the authentication cookies to gain administrative access. All current versions of the software are affected.
  • Ref: http://secunia.com/advisories/12120/

  • 04.29.33 - CVE: Not Available
  • Platform: Web Application
  • Title: HelpBox Multiple SQL Injection Vulnerabilities
  • Description: Layton Technology HelpBox is a web-based help desk application that runs on Windows. It has been reported that several scripts contain SQL injection vectors due to insufficient user input sanitization. HelpBox version 3.0.1 is reported vulnerable to these issues.
  • Ref: http://secunia.com/advisories/12118/

  • 04.29.34 - CVE: CAN-2004-0740
  • Platform: Network Device
  • Title: Lexmark Printer HTTP Server Denial of Service
  • Description: Several Lexmark network printers that contain a built-in web server are affected by a buffer overflow issue. Insufficient sanitization of large HTTP headers exposes this condition. Lexmark model T522 is affected.
  • Ref: http://secunia.com/advisories/12112/

  • 04.29.35 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco ONS Malformed Packet Vulnerabilities
  • Description: Cisco ONS platforms are vulnerable to multiple issues leading to denial of service conditions and an authentication bypass. Some versions of Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 hardware are vulnerable. More details about affected versions are provided in the reference link.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml

  • 04.29.36 - CVE: Not Available
  • Platform: Network Device
  • Title: Conceptronic CADSLR1 ADSL Router Denial of Service
  • Description: Conceptronic CADSLR1 is an ADSL broadband router. Insufficient sanitization of HTTP headers containing large "Authentication" requests exposes a denial of service condition in the router. All current versions are affected.
  • Ref: http://secunia.com/advisories/12110/

  • 04.29.37 - CVE: Not Available
  • Platform: Network Device
  • Title: Intel NetStructure SNMP Buffer Overflow
  • Description: Intel NetStructure devices are network load balancers and traffic directors. The devices are reported to be vulnerable to a buffer overflow issue in the SNMP software. For more details about the affected versions follow the reference link.
  • Ref: http://support.intel.com/support/netstructure/sb/CS-009602.htm

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.