
@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 46
November 22, 2004

If you are using TWiki (#4 below) you'll want to install the patches now and check all your TWiki systems - the vulnerability is being actively exploited. If you are using SAMBA (#1 below) it makes sense to test the patch and schedule installation.

Alan

PS. This is the final week for discounts on registration for SANS in Washington DC, December 7-14 (http://www.sans.org/cdieast04)

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category: # of Updates & Vulnerabilities
    • Other Microsoft Products: 2 (#2)
    • Third Party Windows Apps: 8 (#5, #6, #7)
    • Linux: 1
    • BSD: 1
    • Unix: 2 (#1, #3)
    • Cross Platform: 1 (#8)
    • Web Application: 13 (#4)
    • Network Device: 2

********************* This Issue Sponsored by Radware *******************

Radware Intrusion Prevention Switch protects against worms, viruses, malicious intrusions, Denial of Service attacks and Trojans - securing networked applications at 3-Gbps. Featuring inline security switching and accelerated, stateful and deep-packet inspection, DefensePro isolates attacks and dynamically moderates bandwidth to stop propagation across the network. http://www.radware.com/content/products/dp/whtpaper/_download-20040204b/form.asp

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Unix
Cross Platform
Web Application
Network Device

*************************************************************************

Highlighted Cybersecurity Training: Washington, DC, Dec. 7-14, 2004 SANS best instructors will be in DC teaching great courses for

  • Auditors who want the technical skills so critical to successful audits.
  • Security Managers interested in best practices and SANS exclusive "security make-over"
  • Security professionals seeking CISSP (a trademark of (ISC)2) certification who want a more effective course.
  • Technical security professionals with hands-on responsibility: Hacker Exploits; Intrusion Detection In-Depth; Introduction to Information Security; SANS Security Essentials; Firewalls, VPNs, and Perimeter Protection; Securing Windows; Securing Linux/Linux; System Forensics, Investigation & Response; .Net Security.
More information and http://www.sans.org/cdieast04

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: Samba QFilePathInfo Buffer Overflow
  • Affected: Samba 3.x versions prior to 3.0.8
    • Description: Samba is a UNIX-based server that provides file and print services to the CIFS/SMB clients. The server contains a buffer overflow that can be triggered when the server responds to a specially crafted "TRANSACT2_QFILEPATHINFO" query. This query is used to obtain information about a file such as creation date, last accessed time etc. An attacker can trigger the overflow by specifying a filename, which contains unicode characters, in the "TRANSACT2_QFILEPATHINFO" query. In order to exploit the flaw, an attacker needs write privileges on the samba share to create the malicious file. The flaw can be exploited to execute arbitrary code on the samba server with the privileges of smbd (typically root). The samba shares configured with write privileges to a directory for "anonymous" users face the maximum risk of getting compromised. The technical details regarding the flaw have been publicly posted. The discoverer of the flaw has developed an exploit that is not publicly available yet.

    • Status: Samba has fixed the flaw in version 3.0.8. Version 3.0.8 also fixes another denial-of-service vulnerability, and hence this upgrade is recommended.

    • Council Site Actions: Five of the reporting council sites are using the affected software and have notified their system support groups. Several sites said they only had a few servers and those have already been upgraded to V3.0.8. Other sites will upgrade during their next regularly scheduled system update process. Most of the sites are blocking associated Samba ports at their network security perimeters.

    • References:
    • (2) MODERATE: Internet Explorer Security Bypass
    • Affected:
      • IE 6.0
    • Description: Internet Explorer contains two vulnerabilities that can be exploited to trick users into downloading malicious files.

      (a) Windows XP SP2 warns users before opening downloaded files with certain extensions. However, a specially crafted "Content-Location" HTTP header can bypass this security warning.

      (b) JavaScript "execCommand" function, when used to save a file from a webpage, can be exploited to spoof the file extension. Hence, an attacker can save a malicious executable on a client computer even when the "Save HTML Dialog" box displays an HTML document as the file type being saved. Note that the flaw can be leveraged when "Hide extension for known file types" option (In Tools -> Folder Options -> View) is enabled. Hide extensions is the default Windows setting. A malicious webpage or an HTML email can exploit these flaws in tandem to entice a user to download and execute a malicious file. Exploit code has been publicly posted. Also note that Finjan security has warned of several additional flaws in IE on XP SP2 that may be leveraged to compromise a user's system.

    • Status: Microsoft has not confirmed the flaws. Microsoft has also claimed that Finjan's report is misleading. No patches are available at this time. A workaround is to disable "Active Scripting" and "Hide Extension for known file types" in IE.

    • Council Site Actions: All reporting council sites are awaiting confirmation from Microsoft along with a patch.

    • References:
    • (3) MODERATE: libXpm Multiple Overflow Vulnerabilities
    • Affected:
      • X11R6 version 6.8.1 and prior
    • Description: X PixMap (XPM) is an ASCII image format popularly used by the X Windows on UNIX systems. libXpm library provides various functions to store and read XPM image files. The library contains multiple integer overflow vulnerabilities that may be exploited by a malicious XPM image to compromise a client system. In order to exploit the flaws, an attacker has to entice a user (via email or another webpage) to view a malicious XPM file. These flaws were discovered during an extensive security review undertaken after similar vulnerabilities were reported in September 2004. Proof-of-concept XPM images were posted for the earlier vulnerabilities. The technical details for the newly discovered vulnerabilities can be obtained by studying the patch.

    • Status: X.org has provided patches. Multiple Linux vendors such as Fedora and SuSE have also provided updates.

    • Council Site Actions: Most of the council sites are using the affected software. Some sites will apply patches during their next regularly scheduled system update process. One site is still awaiting patches for their affected O/S.

    • References:
    Other Software
    • (4) HIGH: TWiki Search Remote Command Execution
    • Affected:
      • TWikiRelease01Sep2004
      • TWikiRelease01Feb2003
      • TWikiRelease01Dec2001
      • TWikiRelease01Dec2000
    • Description: TWiki, a Perl-based CGI software, allows multiple users to manage a web site's content through a web browser. TWiki is popularly used for intranet content management by many companies. The search function included in the software contains a command execution vulnerability. The user input to the search function is not properly sanitized. As a result, by using a "`" (back tick) character in the search string, an unauthenticated attacker may execute arbitrary Perl commands on the web server. The posted advisory shows how to construct the malicious search string.

    • Status: TWiki has confirmed and patches are available.

    • Council Site Actions: Two sites are using the affected software. One of these sites has already installed the patches. The other site said they are aware of at least two systems at their site that were compromised by this vulnerability during the past week. The intruder downloaded a program named /nery/bind from a remote Web site. They are checking for other TWiki installations at their site and will determine appropriate course of action.

    • References:
    • (6) MODERATE: DMS POP3 Server User Overflow
    • Affected:
      • DMS POP3 server version 1.5.3.27 and prior
    • Description: Digital Mapping System (DMS) POP3 server, a mail server for Windows 2000/XP systems, contains a buffer overflow. An unauthenticated attacker can trigger the overflow by sending an overlong username (over 1024 characters), and exploit the flaw to possibly execute arbitrary code with the privileges of the POP3 server process. A proof-of-concept exploit has been posted.

    • Status: Vendor has confirmed, upgrade to version 1.5.4.27

    • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

    • References:
    • (7) MODERATE: Skype callto: URL Buffer Overflow
    • Affected:
      • Skype versions prior to 1.0.0.94 through 1.0.0.98 for Windows
    • Description: Skype is a peer-to-peer software for making phone calls over the Internet using VoIP technology. The software has been reportedly downloaded over 36 million times. When Skype is installed on Windows, it registers the "Callto://" URI handler. This URI handler allows Skype to be invoked via a web browser. The URI handler contains a buffer overflow that can be triggered by a URL (username) over 4096 characters. A malicious webpage or a Skype peer may entice a Skype user to click a specially crafted link, and exploit this flaw to possibly execute arbitrary code on the Skype user's system. Note that Internet Explorer does not open links of length 4096 or greater; hence, IE users face a reduced risk. Exploit code is not currently available, and developing one is believed to be challenging due to limited character set that may be used for the purpose.

    • Status: Vendor has confirmed, upgrade to version 1.0.0.100 or above. The version also fixes another vulnerability in handling the "quick-call" field.

    • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

    • Reference:
    • Posting by Febian Becker
    • Skype Advisory
    • Skype Homepage
    • SecurityFocus BID
    Exploit Code
    • (8) Default Usernames and Passwords for Oracle
    • Description: A list of 596 default usernames and passwords for the Oracle database has been published. An attacker may obtain unauthorized access to a misconfigured Oracle server by using the default accounts. The databa
    • Council Site Updates: All council sites using Oracle reported that their system build/install process either disables these default accounts or changes the default password. One site plans to check all Oracle installations using the following audit tool: http://www.petefinnigan.com/default/default_password_checker.htm

    • References:
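
For the TWiki search issue in item (4) of Part I, sites checking their TWiki systems can review web server logs for search requests that carried a back tick. The following is an added example, not part of the original newsletter or of TWiki: it assumes Apache common/combined log format and a search script served from a path containing `/search`, and the sample log lines are constructed with a placeholder payload.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache common/combined log format (assumed):
#   host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Assumption: the TWiki search CGI is served from a path with a /search
# segment, e.g. /twiki/bin/search/<Web>/. Adjust for the local install.
SEARCH_PATH_RE = re.compile(r'/search(?:/|$)')
SUSPECT_CHAR = '`'        # the character named in the description above
MAX_DECODE_ROUNDS = 3     # catches double encoding such as %2560


def fully_decode(value, rounds=MAX_DECODE_ROUNDS):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a finding dict for a suspicious search request, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None                      # not a parsable access-log line
    parts = urlsplit(m.group('target'))
    if not SEARCH_PATH_RE.search(parts.path):
        return None                      # not the search script
    # CGI parameters may be separated by '&' or ';'.
    for pair in re.split(r'[&;]', parts.query):
        name, _, raw = pair.partition('=')
        value = fully_decode(raw)
        if SUSPECT_CHAR in value:
            return {
                'host': m.group('host'),
                'time': m.group('time'),
                'status': int(m.group('status')),
                'param': fully_decode(name),
                'value': value,
            }
    return None


def scan_log(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [f for f in map(scan_line, lines) if f is not None]


# Constructed sample log lines (documentation IP ranges, placeholder payload).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Nov/2004:10:01:02 +0000] "GET /twiki/bin/search/Main/?search=meeting+notes&scope=text HTTP/1.1" 200 5120
198.51.100.7 - - [20/Nov/2004:10:05:44 +0000] "GET /twiki/bin/search/Main/?search=x%60CONSTRUCTED%60 HTTP/1.0" 200 812
198.51.100.7 - - [20/Nov/2004:10:05:51 +0000] "GET /twiki/bin/search/Main/?scope=text;search=%2560CONSTRUCTED%2560 HTTP/1.0" 200 790
203.0.113.5 - - [20/Nov/2004:10:09:13 +0000] "GET /twiki/bin/view/Main/WebHome?rev=1.2 HTTP/1.1" 200 3000
"""

if __name__ == '__main__':
    for finding in scan_log(SAMPLE_LOG.splitlines()):
        print('{host} [{time}] status={status} {param}={value!r}'.format(**finding))
```

A hit shows only that a request carried the character; whether the host was patched at the time of the request decides if it needs incident handling.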
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 46, 2004

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3875 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


    • 04.46.1 - CVE: Not Available
    • Platform: Other Microsoft Products
    • Title: Internet Explorer File Download Security Warning Bypass
    • Description: Microsoft Internet Explorer is vulnerable to a file download security warning bypass issue. An error when saving some documents using the Javascript function "execCommand()" can be exploited to spoof the file extension in the "Save HTML Document" dialog. All current versions of Internet Explorer are affected.
    • Ref: http://secunia.com/advisories/13203/

    • 04.46.2 - CVE: Not Available
    • Platform: Other Microsoft Products
    • Title: Internet Explorer Cookie Overwrite Vulnerability
    • Description: Microsoft Internet Explorer is vulnerable to an issue which can allow a remote attacker to overwrite existing cookies in the browser. Internet Explorer versions 6.0 and 6.0 SP1 are vulnerable.
    • Ref: http://www.securityfocus.com/bid/11680/discussion/

    • 04.46.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: ZoneAlarm Remote Ad-Blocking Denial of Service
    • Description: ZoneAlarm is a firewall for Microsoft Windows. It is vulnerable to a remote denial of service issue that exists in its ad-blocking feature which can cause the software to hang. This issue is due to a failure of the application to handle malicious scripts embedded in web sites. ZoneAlarm versions prior to 5.5.062 are vulnerable.
    • Ref: http://download.zonelabs.com/bin/free/securityAlert/18.html

    • 04.46.4 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Skype Quick-Call Field Buffer Overrun
    • Description: Skype is peer-to-peer communication software used for Internet based voice communications. It is vulnerable to a buffer overflow issue due to improper bounds checking and is exploitable by an attacker by supplying a large string value to the application through the "quick-call" field. Skype versions 1.0.0.97 and before are vulnerable.
    • Ref: http://www.skype.com/products/skype/windows/changelog.html

    • 04.46.5 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Fastream NetFile FTP/Web Server Denial of Service
    • Description: Fastream NetFILE is an FTP and HTTP server for Microsoft Windows. It is vulnerable to an HTTP HEAD request denial of service issue due to a failure to close the HTTP connections utilizing the "keepalive" option. Fastream NetFile versions 7.1 and before are vulnerable.
    • Ref: http://www.fastream.com/download.htm

    • 04.46.6 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Hired Team: Trial Multiple Remote Vulnerabilities
    • Description: New Media Generation Hired Team: Trial is a shooter game. Hired Team: Trial is vulnerable to multiple remote issues such as format string, denial of service and access validation. New Media Generation Hired Team: Trial versions 2.2 and earlier are known to be vulnerable.
    • Ref: http://aluigi.altervista.org/adv/hteam-adv.txt

    • 04.46.7 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: AlShare NetNote Server Remote Denial of Service
    • Description: AlShare Software NetNote is a client/server Windows application that allows users to create notes and save them on the NetNote server. Its server component is vulnerable to a remote denial of service issue due to improper handling of an exceptional condition. NetNote server version 2.2 build 230 and earlier are vulnerable.
    • Ref: http://www.alshare.com/products/NetNote/server.html

    • 04.46.8 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: 3DO Army Men Game Remote Format String Vulnerability
    • Description: 3DO Army Men Real Time Strategy Game server is reportedly vulnerable to a remote format-string issue. Attacking game clients could use this towards a denial of service attack or even execution of arbitrary code on a vulnerable game server. 3DO Army Men version 1.0 is reported to be vulnerable.
    • Ref: http://www.securityfocus.com/archive/1/381098

    • 04.46.9 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: IMail Server Delete Command Remote Buffer Overflow
    • Description: Ipswitch IMail is an email server. It is reported to be vulnerable to a remote buffer overflow issue due to improper sanitization of the "delete" command. Ipswitch IMail version 8.13 is reported to be vulnerable.
    • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0182.html

    • 04.46.10 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Secure Network Messenger Remote Denial of Service
    • Description: SecureAction Research Secure Network Messenger is an application designed to facilitate peer-to-peer encrypted communication and file sharing over a network. It is reported to be vulnerable to a denial of service issue due to improper sanitization of the input. Secure Network Messenger version 1.4.2 is reported to be vulnerable.
    • Ref: http://aluigi.altervista.org/adv/snmboom-adv.txt

    • 04.46.11 - CVE: CAN-2004-0883, CAN-2004-0949
    • Platform: Linux
    • Title: Linux Kernel SMBFS Multiple Remote Vulnerabilities
    • Description: The Linux kernel is reportedly vulnerable to multiple remote security issues in the SMBFS network file system. These include buffer overflows, local and remote information disclosure, and an integer underflow. These could lead to information disclosure, denial of service or even execution of arbitrary code on the vulnerable system.
    • Ref: http://security.e-matters.de/advisories/142004.html

    • 04.46.12 - CVE: Not Available
    • Platform: BSD
    • Title: FreeBSD Fetch Remote Buffer Overflow Vulnerability
    • Description: The FreeBSD fetch utility facilitates the transfer of data through FTP, HTTP, and HTTPS. It is reported to be vulnerable to a remote buffer overflow issue, due to improper boundary checks for a malformed HTTP response. Fetch versions from 4.7 to 5.3 are reported to be vulnerable.
    • Ref: http://secunia.com/advisories/13226/

    • 04.46.13 - CVE: CAN-2004-0687,CAN-2004-0688
    • Platform: Unix
    • Title: libXpm Multiple Vulnerabilities
    • Description: libXpm is a graphics library available for Unix operating systems. libXpm is vulnerable to multiple issues such as integer overflow, remote command execution and directory traversal. libXpm versions 6.8.1 and earlier are known to be vulnerable.
    • Ref: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch

    • 04.46.14 - CVE: CAN-2004-0882
    • Platform: Unix
    • Title: Samba Unicode Filename Remote Buffer Overflow
    • Description: Samba is a file and printer sharing application. It is reported to be vulnerable to a remote buffer overflow issue, due to improper boundary checks of the "TRANSACT2_QFILEPATHINFO" request. Samba versions 3.0.0 to 3.0.7 are reported to be vulnerable.
    • Ref: http://security.e-matters.de/advisories/132004.html

    • 04.46.15 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Clearswift MIMEsweeper For SMTP Encrypted Email Scanner Bypass
    • Description: Clearswift MIMEsweeper for SMTP is an email content security solution for blocking spam and viruses. Clearswift MIMEsweeper is vulnerable to a filtering bypass issue. Emails containing malicious content may bypass the email scanner and reach end users. Clearswift has released MIMEsweeper for SMTP version 5.0.5 to fix this issue.
    • Ref: http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm#Install

    • 04.46.16 - CVE: Not Available
    • Platform: Web Application
    • Title: Invision Power Board SQL Injection
    • Description: Invision Power Board is a web-based bulletin board. Invision Power Board is vulnerable to a remote SQL injection issue due to a failure of the application to properly validate user-supplied input in the "post.php" script. A patch has been released to fix this problem.
    • Ref: http://forums.invisionpower.com/index.php?showtopic=154916

    • 04.46.17 - CVE: CAN-2004-1055
    • Platform: Web Application
    • Title: phpMyAdmin Multiple Remote Cross-Site Scripting Vulnerabilities
    • Description: phpMyAdmin is reported to be vulnerable to multiple cross-site scripting issues due to improper sanitization of the "$cfg['PmaAbsoluteUri']" and "Zero Rows" parameters in the "read_dump.php" script. phpMyAdmin versions 2.6.0-pl2 and earlier are reported to be vulnerable.
    • Ref: http://www.netvigilance.com/html/advisory0005.htm

    • 04.46.18 - CVE: Not Available
    • Platform: Web Application
    • Title: ClickandBuild Cross-Site Scripting
    • Description: ClickandBuild is a web-based shopping cart application. Insufficient sanitization of the user-supplied "listPos" parameter exposes a cross-site scripting issue in the application. All current versions of ClickandBuild are affected.
    • Ref: http://secunia.com/advisories/13236/

    • 04.46.19 - CVE: Not Available
    • Platform: Web Application
    • Title: Moodle Multiple Unspecified Input Validation Vulnerabilities
    • Description: Moodle is a course management system. Insufficient sanitization of user-supplied input exposes various cross-site scripting and SQL injection issues. Moodle version 1.4.2 fixes these issues.
    • Ref: http://secunia.com/advisories/13091/

    • 04.46.20 - CVE: Not Available
    • Platform: Web Application
    • Title: Event Calendar Multiple Remote Vulnerabilities
    • Description: Event Calendar is a third-party calendar module for PHP-Nuke. It is reported to be vulnerable to HTML injection, SQL injection and cross-site scripting issues. The cross-site scripting issue exists due to improper sanitization of the "type", "day", "month" and "year" URL parameters. The SQL injection issue exists due to improper sanitization of the "eid" and "sid" URL parameters.
    • Ref: http://www.waraxe.us/index.php?modname=sa&id=38

    • 04.46.21 - CVE: Not Available
    • Platform: Web Application
    • Title: miniBB Remote SQL Injection Vulnerability
    • Description: miniBB is a web forum software application. It is reported to be vulnerable to a remote SQL injection issue due to improper sanitization of the "user" parameter in the "index.php" script. miniBB versions 1.7 and earlier are reported to be vulnerable.
    • Ref: http://www.securityfocus.com/bid/11688/info/


    • 04.46.23 - CVE: Not Available
    • Platform: Web Application
    • Title: PowerPortal Remote SQL Injection
    • Description: PowerPortal is vulnerable to a remote SQL injection issue. Insufficient sanitization of user-supplied parameters of the "index.php" script exposes this issue. PowerPortal version 1.3 is affected.
    • Ref: http://www.swp-zone.org/archivos/advisory-07.txt

    • 04.46.24 - CVE: Not Available
    • Platform: Web Application
    • Title: Chacmool Private Message System Multiple Vulnerabilities
    • Description: Chacmool Private Message System is an add-on script for punBB bulletin board. It is reportedly vulnerable to multiple security issues including cross-site scripting and disclosure of private user messages. These could be used towards theft of cookie-based authentication credentials or other sensitive user information. Private Message System version 1.1.3 is reported to be vulnerable.
    • Ref: http://www.securitytracker.com/alerts/2004/Nov/1012215.html

    • 04.46.25 - CVE: Not Available
    • Platform: Web Application
    • Title: Aztek Forum Cross-Site Scripting
    • Description: Aztek Forum is a web-based forum application. Insufficient sanitization of the "return" and "title" parameters in the "forum_2.php" script exposes a cross-site scripting issue and various other issues. Aztek Forum version 4.0 is affected.
    • Ref: http://www.securitytracker.com/alerts/2004/Nov/1012213.html

    • 04.46.26 - CVE: CAN-2004-1037
    • Platform: Web Application
    • Title: TWiki Search Shell Metacharacter Remote Command Execution
    • Description: TWiki is a web application for creating web sites implemented using Perl CGI. It is vulnerable to a shell metacharacter remote command execution issue due to improper user-input validation, and may allow arbitrary command execution by an attacker. TWiki versions 20030201 and earlier are vulnerable to this issue.
    • Ref: http://www.securityfocus.com/archive/1/381026

    • 04.46.27 - CVE: Not Available
    • Platform: Web Application
    • Title: Thefacebook Multiple Cross-Site Scripting Vulnerabilities
    • Description: Thefacebook is a web-based directory. Thefacebook is vulnerable to multiple cross-site scripting issues due to insufficient user-data sanitization in the "search.php" and "global.php" scripts.
    • Ref: http://www.securityfocus.com/archive/1/381030

    • 04.46.28 - CVE: Not Available
    • Platform: Web Application
    • Title: PHPWebSite HTTP Response Splitting Vulnerability
    • Description: phpWebSite is a content management system. Insufficient sanitization of the "block_username" parameter exposes an HTTP response splitting vulnerability in the application. phpWebSite version 0.x is affected.
    • Ref: http://www.securityfocus.com/archive/1/380894

    • 04.46.29 - CVE: Not Available
    • Platform: Network Device
    • Title: 3Com OfficeConnect Router Remote Denial of Service
    • Description: 3Com OfficeConnect ADSL Wireless 11g Firewall Router is a wireless network connectivity modem and router. It is reportedly vulnerable to a remote denial of service condition due to a failure of the device in handling malformed network data. An attacker may leverage this issue to cause the affected router to crash, denying service to legitimate users.
    • Ref: http://www.3com.com/products/en_US/result.jsp?selected=all&sort=effdt&order=desc&sku=3CRWE754G72-A

    • 04.46.30 - CVE: Not Available
    • Platform: Network Device
    • Title: Speed Touch Pro ADSL Router DNS Poisoning Vulnerability
    • Description: Alcatel Speed Touch Pro with firewall ADSL Router is vulnerable to a DNS poisoning issue that could allow a remote attacker to spoof addresses, perform man-in-the-middle attacks and trigger potential denial of service conditions.
    • Ref: http://www.securityfocus.com/archive/1/380944

    (c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    ==end==

    Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS' other free newsletters. To change your subscription, address, or other information, visit http://portal.sans.org

    Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.