
@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 49
December 13, 2004

Not much for you to do this week unless you are using MaxDB (#4 below), in which case you should do an immediate upgrade to version 7.5.00.19. MaxDB is sometimes used in large organizations with SAP installations. Good news on security training. SANS' largest training program (SANS 2005 in San Diego in April) just opened for registration. There's no place better than San Diego in the spring (except perhaps Orlando in early February, and you are also invited to a big training program there and then). See www.sans.org for information on both programs.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                      # of Updates & Vulnerabilities
    Other Microsoft Products      2 (#2, #3)
    Third Party Windows Apps      6 (#6, #7)
    Linux                         2 (#5)
    Solaris                       1
    Unix                          4
    Mac OS                        (#8 Cumulative update)
    Cross Platform                9 (#1, #4)
    Web Application               12

**************** This Issue Sponsored by WhatWorks **********************

Visit with experienced users, online, to find out what actually works for intrusion prevention, vulnerability management, transaction security, email and spam control, vulnerability remediation, patch management and managed security services. Register for the free WhatWorks in web filtering web cast on Tuesday at 2:00 EST <https://www.sans.org/webcasts/show.php?webcastid=90534> and review all the WhatWorks web casts at <http://www.sans.org/webcasts/archive.php>. All US and Canadian subscribers with up to date surface mail addresses will get the new WhatWorks poster in about two weeks. Update your address at <portal.sans.org>

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application

************************** SPONSORED LINKS ******************************
Privacy notice: Sponsored links redirect to non-SANS web pages.

(1) Stop Cyber Attacks Now. FREE White Paper: How to Evaluate Intrusion Prevention Systems http://www.sans.org/info.php?id=681

*************************************************************************

PART I Critical Vulnerabilities
Widely Deployed Software
  • (1) MODERATE: Internet Explorer FTP Command Injection
  • Affected:
    • Internet Explorer version 6.0 on Windows 2000/XP
  • Description: Internet Explorer supports URLs beginning with "ftp://". IE's FTP URL handler decodes hex-encoded characters such as "%0a" and "%20". Hence, it is possible to inject FTP commands in a URL using the hex-encoded newline and space characters. An FTP server may exploit this flaw to download a malicious file to a client system. To exploit the flaw, an attacker has to set up a webpage containing a specially constructed URL that points to an FTP server under the attacker's control. A client, who visits the attacker's webpage, can be made to automatically issue commands against the attacker's FTP server. This can possibly result in the client downloading a malicious file from the attacker's FTP server. However, the attacker would need to leverage another IE flaw to execute the downloaded file on the client's system. The posted advisory shows how to construct a malicious FTP URL.

  • Status: Microsoft not confirmed, no patches available.

  • Council Site Actions: All council sites are awaiting confirmation from the vendor and a patch. They plan to patch during the regular system update process.

  • References:
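The injection in item (1) comes down to an FTP URL handler that percent-decodes CR, LF or space and then passes the result to the FTP control channel, where CRLF ends a command and a space separates its arguments. The check below is an added example written for this bulletin, not code from the advisory, Microsoft or any browser: it flags ftp:// URLs whose decoded user, password, path or query would contain those characters and, going beyond what the bulletin describes, decodes repeatedly so a double-encoded form such as "%250a" is caught as well. The hostnames and sample URLs are constructed.

```python
from urllib.parse import urlsplit, unquote

# FTP control-channel commands are terminated by CRLF and their arguments are
# separated by spaces, so a decoded CR, LF or space inside any URL component is
# exactly what the "%0a" / "%20" injection in item (1) relies on.
FTP_CONTROL_CHARS = {"\r": "CR", "\n": "LF", " ": "SP"}


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded).

    Assumption of this example: a defensive check should see what the most
    permissive downstream decoder would see, so a double-encoded "%250a" is
    decoded through to a newline as well.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def ftp_url_findings(url: str) -> list[str]:
    """Return one finding per URL component that decodes to FTP control characters.

    An empty list means the URL is clean. Non-FTP URLs are out of scope for this
    check and also return an empty list.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp":
        return []
    # urlsplit leaves percent-encoding in place, so each component is decoded here.
    components = {
        "username": parts.username or "",
        "password": parts.password or "",
        "path": parts.path,
        "query": parts.query,
    }
    findings = []
    for name, raw in components.items():
        decoded = decode_fully(raw)
        hits = sorted({FTP_CONTROL_CHARS[c] for c in decoded if c in FTP_CONTROL_CHARS})
        if hits:
            findings.append(f"{name} decodes to FTP control character(s): {', '.join(hits)}")
    return findings


def is_safe_ftp_url(url: str) -> bool:
    """True only for an ftp:// URL with no injected control characters."""
    return urlsplit(url).scheme.lower() == "ftp" and not ftp_url_findings(url)


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the advisory.
    for sample in (
        "ftp://files.example.test/pub/readme.txt",
        "ftp://files.example.test/pub/file%0aname",
        "ftp://files.example.test/pub/%250d%250a",
    ):
        print(sample, "->", ftp_url_findings(sample) or "clean")
```

A client-side handler that wants to stay safe should reject a URL with findings rather than strip the characters, since stripping still changes which file is requested.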
  • (2) LOW: Multiple Browsers Window Injection Vulnerability
  • Affected:
    • Internet Explorer version 6.0 and prior
    • Safari version 1.2.4 and prior
    • Mozilla version 1.7.3 and prior
    • Firefox version 1.0 and prior
    • Netscape Navigator version 7.2 and prior
    • Netscape version 7.0
  • Description: A vulnerability has been discovered in multiple browsers that could allow an untrusted website to spoof the content and appear as a trusted site. The problem occurs because an untrusted website can inject content into a window opened by a trusted site. An attacker, who can entice a user to browse his site and a trusted site at the same time, may exploit this flaw to steal sensitive information from the user (phishing attacks). Proof-of-concept exploit has been publicly posted.

  • Status: None of the vendors have issued a patch at this time. Please refer to the council site actions for a suggested workaround.

  • Council Site Actions: All council sites are awaiting confirmation from the vendor and a patch. They plan to patch during the regular system update process. One site suggested a workaround for their users. They proposed using a separate browser session for entering sensitive data. In other words, the user should exit from their browser program, launch the browser program for use exclusively in visiting an important site (such as a bank), and again exit from their browser program after use of this single site is completed.

  • References:
Other Software
  • (3) HIGH: W3who ISAPI DLL Buffer Overflow
  • Affected:
    • IIS servers using W3Who.dll
  • Description: W3Who.dll, an Internet Server Application Programming Interface (ISAPI) program, can display information about a client connecting to an IIS webserver such as the client's security context, environmental variables etc. This DLL contains a buffer overflow that can be triggered by passing an overlong parameter (over 519 bytes). The flaw can be possibly exploited to execute arbitrary code with the privileges of the IIS server. The technical details about the flaw have been posted. An exploit is under development and will reportedly be released in the open source Metasploit exploit framework.

  • Status: Microsoft has removed downloads of this DLL but does not plan to update it. Do not run this DLL on production IIS servers.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (5) MODERATE: imlib Multiple Buffer Overflow Vulnerabilities
  • Affected:
    • imlib version 1.9.14 and prior
  • Description: imlib is an advanced image manipulation library that can replace libXpm. The library is used by multiple Linux window managers. This library contains buffer overflow vulnerabilities similar to the ones found in libXpm. A malicious image may trigger the overflows, and possibly execute arbitrary code on a client viewing the image via a program linked against imlib. Proof-of-concept exploits are publicly available for the libXpm flaw.

  • Status: Various Linux vendors have released an update.

  • Council Site Actions: Three of the reporting council sites are using the affected software and all of these use the Up2Date software to update their systems. One site said the patch should already be out on their Up2Date server. The other two sites said the patch would go out later this month. One of these sites is still investigating patches from other Linux vendors.

  • References:
  • (6) MODERATE: GetRight Download Manager Buffer Overflow
  • Affected:
    • GetRight versions prior to 5.2b
  • Description: GetRight, a download manager to accelerate internet file downloads, has a few million users. The download manager contains a buffer overflow in its DUNZIP32.DLL, the DLL it uses for unzipping files. A malicious zip file can trigger the overflow, and possibly execute arbitrary code on the client system. An attacker has to entice a user to download the specially crafted zip file to exploit the flaw. Exploit code for the overflow described in MS04-034, which may be similar to this one, is publicly available.

  • Status: Vendor confirmed, upgrade to version 5.2b.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Patches
  • (7) Nullsoft Winamp IN_CCDA.dll Buffer Overflow
  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. All but one site reported that no new action was necessary. The final site has advised their Winamp users to patch their systems.

  • References:
  • (8) Cumulative Mac OS X Update
  • Council Site Actions: There were only three council sites using the affected software. One site has already distributed the patch. The second site commented that their systems are regularly updated by the Software Update Facility. The third site does not support Mac OS but said the few users who do use it typically update their systems fairly quickly.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 49, 2004


  • 04.49.1 - CVE: CAN-2004-1133, CAN-2004-1134
  • Platform: Other Microsoft Products
  • Title: Microsoft Windows 2000 Resource Kit Multiple Remote Vulnerabilities
  • Description: Microsoft Windows 2000 Resource Kit's "w3who.dll" library is reported to be vulnerable to cross-site scripting and a buffer overflow condition. These issues can be used towards theft of cookie-based authentication and arbitrary code execution.
  • Ref: http://www.securityfocus.com/archive/1/383394

  • 04.49.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Sysimage Protocol Handler Local File Detection Vulnerability
  • Description: Microsoft Internet Explorer is reported to be vulnerable to a local file detection issue, due to improper sanitization of the "sysimage://" protocol handler. Microsoft Internet Explorer 6 on Windows 2000 and Windows XP SP1 is reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13396/

  • 04.49.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Burut Kreed Game Server Multiple Remote Vulnerabilities
  • Description: Kreed is a computer game that is developed by Burut. It is reported to be vulnerable to format string and denial of service issues, due to improper sanitization of input. Kreed versions 1.05 and earlier are reported to be vulnerable.
  • Ref: http://aluigi.altervista.org/adv/kreedexec-adv.txt

  • 04.49.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates Unicenter Authentication Bypass
  • Description: Computer Associates Unicenter Remote Control (URC) application is used to remotely control Windows systems. URC allows users that have been authenticated by the underlying operating system to access a remote URC Management Server without verifying any authentication credentials. URC versions 6.0 and 6.0 SP1 are affected.
  • Ref: http://esupport.ca.com/index.html?/public/rco_controlit/infodocs/securitynotice.asp

  • 04.49.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ibex Software Remote Denial of Service
  • Description: Remote Execute is a remote network administration application. An attacker can crash the application by establishing approximately seven connections to it over TCP port 2000. Remote Execute version 2.30 is affected.
  • Ref: http://secunia.com/advisories/13389/

  • 04.49.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Digital Illusions Multiple Games Remote Denial of Service Vulnerabilities
  • Description: Battlefield 1942 and Battlefield Vietnam are network enabled PC games. These are reported to be vulnerable to a remote denial of service condition in the client while handling certain malformed network input from a malicious server. Battlefield 1942 versions 1.6.19 and prior and Battlefield Vietnam versions 1.2 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/383549

  • 04.49.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GetRight DUNZIP32.dll Remote Buffer Overflow
  • Description: Headlight Software GetRight is a download manager. GetRight is vulnerable to a remote buffer overflow issue when handling specially crafted skin files due to insufficient boundary checks in the DUNZIP32.dll compression library. GetRight version 5.2b has been released to fix this issue.
  • Ref: http://www.getright.com/new52.html

  • 04.49.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kerio WinRoute Firewall DNS Poisoning
  • Description: Kerio WinRoute Firewall is affected by an issue due to an unspecified error and can be exploited to insert fake information in the DNS cache. Kerio WinRoute Firewall version 6.x is affected.
  • Ref: http://secunia.com/advisories/13374/

  • 04.49.9 - CVE: Not Available
  • Platform: Linux
  • Title: SuSE Linux Enterprise Server NFS Denial of Service
  • Description: A remote denial of service and storage corruption vulnerability affects the NFS functionality of the SuSE Linux Enterprise Server. Reportedly, the "readdirplus" NFS command can be used to corrupt the memory of the NFS functionality, causing the affected computer to crash and potentially corrupt data stored on disk.
  • Ref: http://www.securityfocus.com/advisories/7579

  • 04.49.10 - CVE: CAN-2004-1014
  • Platform: Linux
  • Title: NFS rpc.statd Remote Denial of Service
  • Description: rpc.statd implements the NSM (Network Status Monitor) RPC protocol. rpc.statd fails to ignore the SIGPIPE signal and terminates on receiving this signal. nfs-utils version 1.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/11785

  • 04.49.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Solaris in.rwhod(1M) Daemon Remote Code Execution
  • Description: in.rwhod(1M) is a server that maintains the database used by the rwho(1) and ruptime(1) programs. It is reported to be vulnerable to an unspecified issue that may allow remote code execution.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1

  • 04.49.12 - CVE: Not Available
  • Platform: Unix
  • Title: Gaim Festival Plug-in Remote Denial of Service
  • Description: Gaim is an instant messaging client that supports numerous protocols. Its "Festival" plugin is reported to be vulnerable to a remote denial of service condition while handling certain network data. Gaim Festival Plug-in versions 1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/11805/

  • 04.49.13 - CVE: CAN-2004-1026, CAN-2004-1025
  • Platform: Unix
  • Title: imlib Multiple BMP Image Decoding Buffer Overflow Vulnerabilities
  • Description: imlib is a graphic library. IMLib is vulnerable to multiple buffer overflow vulnerabilities when handling malformed bitmap images. imlib version 1.9.14 is known to be vulnerable.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200412-03.xml

  • 04.49.14 - CVE: Not Available
  • Platform: Unix
  • Title: imlib Multiple Remote Integer Overflow Vulnerabilities
  • Description: The imlib graphics library is reported to be vulnerable to multiple remote integer overflow conditions. An attacker may leverage this towards arbitrary code execution and privilege escalation. All current versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11837/

  • 04.49.15 - CVE: Not Available
  • Platform: Unix
  • Title: Squid Proxy Failed DNS Lookup Information Disclosure
  • Description: Squid is a web proxy software package. It is reported to be vulnerable to an information disclosure issue. The issue presents itself when it processes a sequence of failed DNS lookup requests, and returns random error messages to the user. Squid versions 2.5 and earlier are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13408/

  • 04.49.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Commerce Default User Information Disclosure
  • Description: IBM WebSphere Commerce is part of the Websphere platform of products distributed by IBM. It is reported to be vulnerable to a user information disclosure issue. IBM Websphere versions 5.1, 5.4, 5.5 and 5.6 are reported to be vulnerable.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21187876

  • 04.49.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Browsers JavaScript IFRAME Rendering Denial of Service
  • Description: Mozilla/Netscape and Firefox browsers are reported to be vulnerable to a denial of service issue. The issue presents itself when a javascript function attempts to print an IFRAME that is embedded in the page.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=272381

  • 04.49.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Browser FTP URI Command Execution Vulnerabilities
  • Description: Microsoft Internet Explorer and KDE Konqueror insufficiently sanitize the "%0a" characters in the FTP URL sequence. They interpret the characters as "CWD" commands. All current versions of Internet Explorer and KDE Konqueror version 3.3.1 are affected.
  • Ref: http://www.7a69ezine.org/node/view/168 http://www.securityfocus.com/bid/11827

  • 04.49.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell Remote IMS/NIMS/NetMail Insecure Default Password
  • Description: Novell IMS/NIMS/NetMail is an email store maintained and developed by Novell. It is reported to be vulnerable to an insecure default password issue. Novell has released a tool to change the default password.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095545.htm

  • 04.49.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MaxDB WebDav Handler Remote Buffer Overflow
  • Description: MySQL MaxDB WebDav Handler is reported to be vulnerable to multiple remote buffer overflow conditions. An attacker may leverage this issue towards arbitrary code execution on a vulnerable system. MaxDB versions 7.5.00.18 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/383555

  • 04.49.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MaxDB WAHTTP Server Remote Denial of Service
  • Description: MySQL MaxDB WAHTTP is affected by a denial of service issue. The problem presents itself when a malicious user submits a request for a non-existent file followed by two carriage return characters which causes the application to crash. MaxDB versions 7.5.00.08 to 7.5.00.18 are affected.
  • Ref: http://www.gleg.net/advisory_maxdb.shtml

  • 04.49.22 - CVE: CAN-2004-1156
  • Platform: Cross Platform
  • Title: Remote Window Hijacking Vulnerability Affecting Multiple Browsers
  • Description: Multiple browsers are affected by a remote window hijacking issue. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. All current versions of Opera, Netscape, Internet Explorer, Apple Safari, Mozilla and Firefox are affected.
  • Ref: http://secunia.com/secunia_research/2004-13/advisory/

  • 04.49.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Clearswift MIMEsweeper For SMTP Denial of Service
  • Description: Clearswift MIMEsweeper For SMTP is an email gateway filter application. It is reported to be vulnerable to a denial of service issue. The issue presents itself when it performs analysis on a specially crafted PDF file attachment. MIMEsweeper released a 5.0 service pack 1 version to address this issue.
  • Ref: http://secunia.com/advisories/13411/

  • 04.49.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: F-Secure Policy Manager FSMSH.DLL Path Disclosure
  • Description: F-Secure Policy Manager discloses the application installation path when the "fsmsh.dll" script is called with invalid arguments. F-Secure Policy Manager version 5.11.2810 is known to be vulnerable.
  • Ref: http://secunia.com/advisories/13416/

  • 04.49.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Advanced Guestbook Cross-Site Scripting
  • Description: Advanced Guestbook is a guest book script. Insufficient sanitization of the "entry" parameter in the "index.php" file exposes a cross-site scripting issue. Advanced Guestbook version 2.3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/383409

  • 04.49.26 - CVE: Not Available
  • Platform: Web Application
  • Title: paFileDB Error Message Path Disclosure
  • Description: paFileDB is a web-based database. A specially crafted request to "admins.php", "category.php" or "team.php" will reveal the installation path of paFileDB in the error message returned. paFileDB version 3.1 is known to be vulnerable.
  • Ref: http://echo.or.id/adv/adv09-y3dips-2004.txt

  • 04.49.27 - CVE: Not Available
  • Platform: Web Application
  • Title: paFileDB Password Hash Disclosure
  • Description: paFileDB is a web-based database of files. It is reportedly vulnerable to an issue that allows users to view the password hash of other accounts, including the administrator account. An attacker could use an offline bruteforce attack on the captured hashes to reveal the passwords. paFileDB version 3.1 is reported to be vulnerable.
  • Ref: http://echo.or.id/adv/adv09-y3dips-2004.txt

  • 04.49.28 - CVE: Not Available
  • Platform: Web Application
  • Title: Hosting Controller FilePath Parameter File Disclosure
  • Description: Hosting Controller is an application that consolidates all hosting tasks into one interface. It is reported to be vulnerable to an arbitrary file disclosure condition. Attackers could gain access to sensitive system information this way. Hosting Controller versions 6.1 hotfix 1.4 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11822/

  • 04.49.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Ansel Multiple Input Validation Vulnerabilities
  • Description: Ansel is a picture gallery for web sites. Ansel is vulnerable to multiple cross-site scripting and SQL injection issues. These vulnerabilities were fixed in Ansel version 2.2.
  • Ref: http://secunia.com/secunia_research/2004-17/advisory/

  • 04.49.30 - CVE: Not Available
  • Platform: Web Application
  • Title: Last 10 Posts Add-On Script For VBulletin SQL Injection
  • Description: "Last 10 Posts" is a vBulletin add-on script. It is reportedly vulnerable to an SQL injection issue that could be leveraged by an attacker to compromise the backend database. Version 2.0.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11825/

  • 04.49.31 - CVE: Not Available
  • Platform: Web Application
  • Title: Blog Torrent BTDownload.PHP Cross-Site Scripting
  • Description: Blog Torrent is used to aid in the use of the bittorrent protocol. Insufficient sanitization of the "file" parameter in the "btdownload.php" script exposes a cross-site scripting issue. Blog Torrent version 0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/11839/info/

  • 04.49.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Darryl Burgdorf WebLibs Directory Traversal Vulnerability
  • Description: WebLibs is a web-based version of the "Mad Libs" party game. It is reported to be vulnerable to a remote directory traversal issue, due to improper sanitization of "TextFile". WebLibs 1.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11848

  • 04.49.33 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Gift Registry Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHP Gift Registry is a gift sharing web application implemented in PHP. It is reported to be vulnerable to multiple cross-site scripting issues, due to improper sanitization of the "message" parameter in the "event.php" and "index.php" scripts. PHP Gift Registry version 1.3.5 is reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13414/

  • 04.49.34 - CVE: Not Available
  • Platform: Web Application
  • Title: IlohaMail Unspecified Vulnerability
  • Description: IlohaMail is a web e-mail package. IlohaMail is vulnerable to an unspecified security issue. IlohaMail versions 0.8.13 and earlier are known to be vulnerable.
  • Ref: http://secunia.com/advisories/13413/

  • 04.49.35 - CVE: Not Available
  • Platform: Web Application
  • Title: Codestriker Repository Access Control Bypass
  • Description: Codestriker is a web-based online software repository application. It is reported to be vulnerable to an access control bypass issue due to improper sanitization. Codestriker version 1.8.4 is known to be vulnerable.
  • Ref: http://secunia.com/advisories/13393/

  • 04.49.36 - CVE: CAN-2004-0067
  • Platform: Web Application
  • Title: PhpGedView Cross-Site Scripting Vulnerability
  • Description: PhpGedView is a web-based interface for genealogy data. It is reported to be vulnerable to a cross-site scripting condition. This is due to insufficient user-supplied input sanitization performed in the application. This issue could be exploited to steal cookie-based authentication credentials. PhpGedView version 2.65 is reported to be fixed and not vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/349698

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters. To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.