@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 36
September 13, 2004

A very light week for security patching, but don't relax too much. We have been told that Microsoft will announce two new vulnerabilities on Tuesday, September 14, one of which is rated "critical" and will affect Windows and Office and several other MS products. How do we know? MS gave advance warning to their "premium" customers.

Some of the vendor white papers offered this week are very interesting -- worth the effort to fill out their registration form.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Third Party Windows Apps     8 (#1, #4)
    Mac Os                       2 (#2)
    Linux                        1 (#5)
    Solaris                      1
    Unix                         1
    Cross Platform               6 (#6)
    Web Application             12 (#3)
    Network Device               1
    Hardware                     1

***************** Sponsored This Week by FaceTime *************************

Secure IM and P2P

IM and P2P create serious corporate and security risks for the enterprise, and traditional security tools provide an inadequate defense. Learn how to protect your network from security threats and violations. Download a free white paper from Osterman Research, "Managing IM and P2P Threats in the Enterprise."

http://www.facetime.com/secure

***************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Cross Platform
Web Application
Network Device
Hardware

************************** SPONSORED LINKS ******************************

Privacy notice: These links redirect to non-SANS web pages.

(1) Radware DefensePro secures networked applications against viruses, malicious intrusions and Denial of Service at 3-Gbps http://www.sans.org/info.php?id=579

(2) FREE white paper on Sarbanes-Oxley compliance from ScriptLogic: Download today! http://www.sans.org/info.php?id=580

(3) Top 10 reasons why network firewalls and IDS/IPS solutions do not secure Web applications. Download Free Whitepaper. http://www.sans.org/info.php?id=581

******************** Security Training Update *************************

Featured Training Program of the Week: SANS Cyber Defense Initiative. CDI is in two parts: CDI South in New Orleans, November 1-4 ( http://www.sans.org/cdisouth04 ) and CDI East in Washington, DC, December 7-14 ( http://www.sans.org/cdieast04 ).

New Orleans offers a whole new type of program that many people have asked us to provide: 18 one- and two-day courses on issues shaping the future of information security, from the newest hacker tools to changes in the legal issues surrounding security. It is perfect for people who have taken SANS courses and want updates, and for people who just don't have time to attend a full class. Washington, on the other hand, offers 13 full-length immersion courses and a few short courses.

**************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: Nullsoft Winamp ActiveX Buffer Overflow
  • Affected: Winamp, all versions
  • Description: The Winamp media player reportedly contains a buffer overflow in its ActiveX control that can be triggered by passing a specially crafted parameter to the control's "AppendFileToPlayList" function. A malicious webpage or an email may possibly exploit this flaw to execute arbitrary code on a client system. Proof-of-concept code has been publicly posted.

  • Status: Vendor not confirmed, no patches available. A workaround would be to set the "kill" bit for the Winamp ActiveX control.

  • Council Site Actions: The affected software is in use at three of the reporting council sites. Two sites have notified their system support staff of the problem. No other action is planned at this time since a patch is not available. The third site is aware of users who have installed the software, but since their central support staff does not support the software, no action is planned.

  • References:
Other Software
  • (3) HIGH: SiteCubed MailWorksPro Authentication Bypass
  • Affected: MailWorksPro all versions
  • Description: MailWorksPro software is designed to handle large email lists and provides a web-based front end for their management. The software contains a vulnerability that may be exploited to obtain unauthorized administrative access. The access can be obtained simply by setting the "uid" and "auth" cookie variables in the login request. Since the software is used for managing large mailing lists, it may be a likely target for attack by spammers.

  • Status: Vendor confirmed, patch available. A workaround is to block access to the MailWorksPro webserver from the Internet.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (4) MODERATE: Altnet Download Manager ActiveX Buffer Overflow
  • Affected: Altnet Download Manager versions 4.0.0.2 and 4.0.0.4
  • Description: Altnet Download Manager is designed to facilitate and accelerate user downloads. The software is bundled with widely deployed peer-to-peer applications such as KaZaa and Grokster. This download manager contains a stack-based buffer overflow in its ActiveX control's "IsValidFile" function, which can be triggered by a specially crafted 'bstrFilepath' parameter. A malicious webpage or an HTML email may exploit this vulnerability to execute arbitrary code on a client system. The technical details have been publicly posted.

  • Status: Vendor confirmed, a new version can be downloaded from the vendor's homepage at http://www.altnet.com.

  • Council Site Actions: The affected software is not in production or supported use at any of the council sites, although several sites reported a small user base. Because the software is not supported by their IT departments, no action is planned.

  • References:
  • (5) LOW: mpg123 MPEG Player Buffer Overflow
  • Affected: mpg123 versions 0.59r and 0.59s
  • Description: mpg123 is an MPEG audio player for Unix/Linux systems and ships with a number of Linux distributions. The player can be configured as the default helper application for mp3 files in web browsers. This player contains a buffer overflow in the "do_layer2()" function of its MPEG decoder. The flaw can be exploited by a malicious mp3 file to execute arbitrary code on a client system. The technical details regarding the flaw have been posted.

  • Status: Vendor not confirmed, an unofficial patch is included in the discoverer's posting.

  • Council Site Actions: The affected software is not in production or supported use at any of the council sites. Although several sites reported having a small user base, they do not plan any action.

  • References:
  • (6) LOW: Trillian MSN Messenger Buffer Overflow
  • Affected: Trillian version 0.74i
  • Description: Trillian is a widely used instant messenger client that can interoperate with multiple messenger programs such as Yahoo!, MSN, ICQ etc. The client contains a buffer overflow in its MSN module that can be triggered by an overlong server response (over 4096 bytes). The flaw can be exploited to execute arbitrary code on the client system. However, to exploit this flaw, an attacker has to conduct a man-in-the-middle attack, after a client establishes a connection with the MSN server. The exploit code has been publicly posted.

  • Status: Vendor has been contacted, no patches available yet.

  • Council Site Actions: The affected software is not in production or supported use at any of the council sites, although several sites reported having a small user base. One did scan their network for the backdoor on port 5555 to identify any impacted clients. Several other sites notified their system support staff.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2004

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3707 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.36.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TYPSoft FTP Server Denial of Service
  • Description: TYPSoft FTP Server is an FTP server implemented for the Windows platform. It is reported to be vulnerable to a remote denial of service issue. This issue exists due to improper sanitization of input. The vulnerability can be exploited by sending two successive "RETR" commands without downloading a file and then sending a "QUIT" command. TYPSoft FTP versions 1.11 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/373536

  • 04.36.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IMail Server Multiple Denial of Service
  • Description: Ipswitch IMail Server is an email server. IMail contains multiple denial of service vulnerabilities that will crash the server. IMail version 8.13 fixes these issues.
  • Ref: http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES

  • 04.36.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp ActiveX Control Remote Buffer Overflow
  • Description: The Winamp media player's ActiveX control is reportedly vulnerable to a remote buffer overflow condition. This issue can be exploited when a user visits a malicious web site that invokes this control. All current versions of Winamp are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11107/

  • 04.36.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WhatsUp Gold Remote Buffer Overflow
  • Description: Ipswitch WhatsUp Gold is a network monitoring and management application. It is reported to be vulnerable to a remote buffer overflow issue. The issue exists due to improper sanitization of notification instance names that are provided to the web interface. Ipswitch WhatsUp Gold versions 7.04, 7.03, 7.0, 8.03 hotfix 1, 8.03, 8.01 and 8.0 are reported to be vulnerable.
  • Ref: http://www.ipswitch.com/support/WhatsUp/patch-upgrades.html

  • 04.36.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WhatsUp Gold prn.htm Denial of Service
  • Description: Ipswitch WhatsUp Gold is a network monitoring and management application. It is reported to be vulnerable to a denial of service issue. The issue exists due to improper sanitization of HTTP GET requests for the "prn.htm" page. Ipswitch WhatsUp Gold versions 7.0, 7.03, 7.04, 8.0, 8.01, 8.03 and 8.03 hotfix 1 are reported to be vulnerable.
  • Ref: http://www.ipswitch.com/support/WhatsUp/patch-upgrades.html

  • 04.36.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: eZ/eZphotoshare Remote Denial of Service
  • Description: eZphotoshare allows sharing of digital photos across a network. It is reportedly vulnerable to a remote denial of service condition when over 80 network connections are made simultaneously to the server. This vulnerability is reported to affect eZ version 3.4.0 and eZphotoshare version 1.2.1.
  • Ref: http://www.securityfocus.com/bid/11129/

  • 04.36.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Trillian Client MSN Module Remote Buffer Overflow
  • Description: Trillian is an instant messaging client that supports a number of protocols. It is reportedly vulnerable to a remote buffer overflow condition. This requires an attacker to execute a man-in-the-middle attack posing as the MSN server to the client. Trillian version 0.74i is reported to be vulnerable to this issue.
  • Ref: http://unsecure.altervista.org/security/trillian.htm

  • 04.36.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable Mail Exchange Record Denial of Service
  • Description: The MailEnable mail server is reportedly vulnerable to a remote denial of service condition while processing certain mail exchange records. This is due to faulty exception handling when a large number of mail exchange records are passed to the server. All current versions are reported to be vulnerable.
  • Ref: http://www.mailenable.com/hotfix/

  • 04.36.9 - CVE: CAN-2004-0825
  • Platform: Mac Os
  • Title: QuickTime Streaming Server Denial of Service
  • Description: Apple QuickTime streaming server allows for transmission of multimedia content to remote clients. It is reported to be vulnerable to a denial of service issue. The vulnerability can be exploited by using a specific sequence of operations. Apple has released patches to address the issue.
  • Ref: http://www.securityfocus.com/advisories/7148

  • 04.36.10 - CVE: CAN-2004-0720
  • Platform: Mac Os
  • Title: Safari Cross-Domain Frame Loading Vulnerability
  • Description: Apple Safari is vulnerable to a cross-domain frame loading vulnerability. A web site that uses multiple frames can have some of its frames replaced with content from a malicious site if the malicious site is visited first.
  • Ref: http://www.securityfocus.com/advisories/7148

  • 04.36.11 - CVE: CAN-2004-0805
  • Platform: Linux
  • Title: mpg123 Remote Buffer Overflow
  • Description: mpg123 is an audio file player. It is reported to be vulnerable to a buffer overflow issue. The issue exists due to improper sanitization of MPEG 2 and 3 headers. mpg123 versions 0.59s and 0.59r are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0058.html

  • 04.36.12 - CVE: Not Available
  • Platform: Solaris
  • Title: Solaris in.named Remote Denial of Service
  • Description: The Solaris operating system ships with a customized implementation of the BIND DNS server. Insufficient sanitization of specially crafted dynamic updates crashes the service. Only Solaris 8 is affected. Solaris 7 and 9 are not vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57614-1

  • 04.36.13 - CVE: Not Available
  • Platform: Unix
  • Title: gnubiff Multiple Remote POP3 Protocol Vulnerabilities
  • Description: gnubiff is an email notification application. It is reportedly vulnerable to multiple security issues in the POP3 protocol functionality. These include a buffer overflow and denial of service conditions. Versions prior to 2.0 are reported to be vulnerable.
  • Ref: http://gnubiff.sourceforge.net/changelog.php

  • 04.36.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cosminexus Portal Framework Information Disclosure
  • Description: Cosminexus Portal Framework is a framework for creating enterprise web portal systems. An information disclosure issue presents itself when a Java portlet utilizes the "<ut:cache>" tag library. It may be possible for contents of cache objects to be replaced by the contents of other cache objects allowing sensitive information to be sent to a different user than intended. Hitachi has released various patches for Windows, AIX, HP-UX and Solaris.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS04-006_e/index-e.html

  • 04.36.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Call of Duty Remote Denial of Service
  • Description: Call of Duty is a game with network gaming capabilities. It is reported to be vulnerable to a denial of service issue. The vulnerability can be exploited by sending a query or response larger than 1024 bytes to the target. Activision Call of Duty version 1.4 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0055.html

  • 04.36.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Halo Game Server Remote Denial of Service
  • Description: Halo Combat Evolved is a computer game that allows network play. The game server is reportedly vulnerable to a remote denial of service condition when handling certain specially crafted input from a game client. This will crash the game server denying service to legitimate clients. Versions 1.04 and prior are reported to be vulnerable.
  • Ref: http://aluigi.altervista.org/adv/haloboom-adv.txt

  • 04.36.17 - CVE: CAN-2004-0823
  • Platform: Cross Platform
  • Title: OpenLDAP Ambiguous Password Attribute Weakness
  • Description: OpenLDAP is an open source implementation of the LDAP protocol. It is reported to be vulnerable to an ambiguous password attribute weakness. Under certain conditions, an attacker could authenticate to the application using the password hash instead of the password itself. This can be obtained by sniffing the network traffic or from the database. Currently OpenLDAP 2.1.19 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/advisories/7148

  • 04.36.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Empty Embedded Object JavaScript Denial of Service
  • Description: Opera is a web browser. Creating an embedded "CCCC" object with an empty "src" tag, and then referencing the "text" attribute of the object may cause Opera to crash. Opera versions 7.23 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/373854

  • 04.36.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Emdros Database Engine Denial of Service
  • Description: Emdros is a text database engine for analyzed or annotated text. Failure to correctly free allocated memory in the "mql" process while handling "CREATE OBJECT TYPE" and "UPDATE OBJECT TYPE" statements subsequently leads to a denial of service condition. Emdros versions 1.1.20 and earlier are affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=981660&group_id=37219&atid=419458

  • 04.36.20 - CVE: Not Available
  • Platform: Web Application
  • Title: Regulus Multiple Information Disclosure Vulnerabilities
  • Description: SAFE TEAM Regulus is web based accounting software used by Internet Service Providers to monitor Remote Authentication Dial-In User Service (RADIUS). A remote attacker can retrieve password hashes from the application. All current versions of SAFE TEAM Regulus are affected.
  • Ref: http://www.aosp.net/regulus.htm

  • 04.36.21 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteCubed MailWorks Authentication Bypass
  • Description: SiteCubed MailWorks Professional is mailing list management software. By sending cookie data containing "auth=1; uId=1", an attacker can bypass the authentication checks and become the user with an ID of 1 giving him administrative access to the web application. All current versions of SiteCubed MailWorks are affected.
  • Ref: http://www.securityfocus.com/archive/1/374118
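The MailWorks bypass in Part I entry (3) and in 04.36.21 above comes from treating client-supplied cookie values ("auth" and "uId") as authentication state. As an added example (not MailWorks code; the server secret and user table are constructed for illustration), the vulnerable pattern beside a hardened check that only accepts a server-minted, HMAC-signed session token:

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed for this example: a server-only secret and a tiny user table.
SERVER_SECRET = b"example-secret-rotate-me"
USERS = {
    1: {"name": "admin", "is_admin": True},
    7: {"name": "alice", "is_admin": False},
}


def parse_cookies(header: str) -> dict:
    """Parse a raw Cookie: header value into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def vulnerable_current_user(cookie_header: str):
    """The MailWorks pattern: the client asserts it is logged in (auth=1)
    and which account it is (uId); the server believes both."""
    c = parse_cookies(cookie_header)
    if c.get("auth") == "1" and c.get("uId", "").isdigit():
        return USERS.get(int(c["uId"]))
    return None


def issue_session(uid: int) -> str:
    """Mint 'uid.nonce.mac' after a real login. The MAC over uid and nonce
    is computed with a secret the client never sees, so the uid cannot be
    rewritten without invalidating the token."""
    nonce = secrets.token_hex(8)
    payload = f"{uid}.{nonce}".encode()
    mac = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    return f"{uid}.{nonce}.{mac}"


def hardened_current_user(cookie_header: str):
    """Accept identity only from a token whose MAC verifies; anything the
    client could have typed by hand ('auth=1', a bare uid) is ignored."""
    c = parse_cookies(cookie_header)
    parts = c.get("session", "").split(".")
    if len(parts) != 3:
        return None
    uid, nonce, mac = parts
    if not uid.isdigit():
        return None
    expected = hmac.new(
        SERVER_SECRET, f"{uid}.{nonce}".encode(), hashlib.sha256
    ).hexdigest()
    # Constant-time comparison so the MAC check does not leak by timing.
    if not hmac.compare_digest(mac, expected):
        return None
    return USERS.get(int(uid))
```

A server-side session store (opaque random id looked up on the server) is the stronger form of the same fix; the signed token is the minimal change that removes the client's ability to choose its own uid.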

  • 04.36.22 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPGroupWare Wiki Cross-Site Scripting
  • Description: PHPGroupWare is a web based groupware system. Due to insufficient sanitization of user supplied data of the "transforms.php" script, PHPGroupWare is vulnerable to a cross-site scripting attack. PHPGroupWare versions 0.9.16.003 and earlier are known to be vulnerable.
  • Ref: http://downloads.phpgroupware.org/changelog

  • 04.36.23 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyBackupPro Input Validation Vulnerabilities
  • Description: phpMyBackupPro is a web-based MySQL backup application. It is reported to be vulnerable to multiple unspecified input validation issues. These issues exist due to insufficient sanitization of some configuration entries and MySQL username and password values. phpMyBackupPro versions 0.6.2 and prior are reported to be vulnerable.
  • Ref: http://www2.fht-esslingen.de/~dirait00/

  • 04.36.24 - CVE: Not Available
  • Platform: Web Application
  • Title: Keene Digital Media Server Admin Authentication Bypass
  • Description: Keene Digital Media Server is a web-based file sharing application. It is reportedly vulnerable to an authentication bypass issue that allows unauthenticated remote users to access administrative web pages. Keene Digital Media Server version 1.0.2 was reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11112/

  • 04.36.25 - CVE: CAN-2004-0787
  • Platform: Web Application
  • Title: OpenCA HTML Injection Vulnerability
  • Description: OpenCA is an open source Certificate Authority suite. It is reportedly vulnerable to an HTML injection issue. The issue exists due to an insufficient user-input validation in the OpenCA PKI software. All current versions of the suite are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/374329

  • 04.36.26 - CVE: Not Available
  • Platform: Web Application
  • Title: Usermin HTML Email Script Code Command Execution
  • Description: Usermin is a web-based user interface designed to allow users to access email and configure various user settings. Usermin is vulnerable to a script code execution vulnerability when rendering HTML email messages. This is due to insufficient sanitization of the email message. Usermin versions 1.080 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/374439

  • 04.36.27 - CVE: Not Available
  • Platform: Web Application
  • Title: Keene Digital Media Server Cross-Site Scripting
  • Description: Keene Digital Media Server is a web application used to facilitate the sharing of media files. Keene Digital Media Server is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied data in multiple fields. Keene Digital Media Server 1.0.2 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11111

  • 04.36.28 - CVE: Not Available
  • Platform: Web Application
  • Title: PSnews No Parameter Cross-Site Scripting
  • Description: PSnews is a web-based content management system. It is reported vulnerable to a cross-site scripting issue. The issue exists due to insufficient user supplied data sanitization in the "no" parameter of the "show_all" and "add_kom" functions. PSnews version 1.1 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/374773

  • 04.36.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Site News Authentication Bypass Vulnerability
  • Description: UtilMind Solutions Site News is a Perl CGI script that allows news items to be added to third-party web sites. It is reported to be vulnerable to an authentication bypass issue. The issue exists due to improper sanitization of user-supplied input to the "sitenews.cgi" script. UtilMind Solutions Site News version 1.1 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0057.html

  • 04.36.30 - CVE: Not Available
  • Platform: Web Application
  • Title: Tutti Nova Multiple Unspecified Vulnerabilities
  • Description: Tutti Nova is a web news management application. Tutti Nova is vulnerable to multiple security issues that are currently unspecified. Tutti Nova version 1.0 is known to fix these issues.
  • Ref: http://secunia.com/advisories/12467/

  • 04.36.31 - CVE: Not Available
  • Platform: Web Application
  • Title: BBS E-Market Professional Remote File Include Vulnerability
  • Description: BBS E-Market Professional is a web-based e-commerce application implemented in PHP. It is reported to be vulnerable to a remote file include issue. The issue exists due to improper sanitization of user-supplied input to the "pageurl" parameter of the "index.php" script.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0078.html

  • 04.36.32 - CVE: Not Available
  • Platform: Network Device
  • Title: Dynalink RTA 230 ADSL Router Default Backdoor Account
  • Description: The Dynalink RTA 230 ADSL router is a broadband router. It is reported to be vulnerable to a default backdoor account issue with the "userNotUsed" username and "userNotU" password.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0033.html

  • 04.36.33 - CVE: Not Available
  • Platform: Hardware
  • Title: Engenio Storage Controller Remote Denial of Service
  • Description: Engenio provides various SATA and Fibre Channel OEM disk storage systems. Insufficient sanitization of specially crafted TCP packets exposes a denial of service condition in the storage controllers. Affected hardware includes the StorageTek D280 and IBM DS4100. Other devices using a similar controller may be affected.
  • Ref: http://www.securityfocus.com/archive/1/374246

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.