Telstra Outage

Published: 2009-09-03
Last Updated: 2009-09-03 23:49:03 UTC
by Marcus Sachs (Version: 2)
2 comment(s)

We had a couple of reports that Telstra (Australia) was down earlier today.  Still not sure what the problem was, but to Telstra's credit they are using Twitter to keep their customers informed.  Follow them at http://twitter.com/Telstra

UPDATE - Looks like it might have been a DNS maintenance problem.  Some details are here.  Thanks for the pointer to that page, Mike!

Marcus H. Sachs
Director, SANS Internet Storm Center


RealVNC Remote Auth Bypass?

Published: 2009-09-03
Last Updated: 2009-09-03 18:29:43 UTC
by Marcus Sachs (Version: 1)
8 comment(s)

We had an interesting submission from one of our readers today.  He thinks there might be a problem with RealVNC.  Here are the comments he sent us:

I'm a professional computer tech for a living, although I don't specialize in security.  A few minutes ago I was shutting my PC down to go to a job when I noticed the VNC icon in my system tray was black, indicating a connection.  I was immediately suspicious and powered the machine back on but unplugged the network cable until I could firewall the VNC service.  I have a home broadband connection and the router is opened up to allow incoming remote access on port 5900.  I have often noted the many failed attempts to connect to my VNC service in the Windows logs; however, this was different.  According to my event log, the service had been connected for about 15 minutes before I noticed it.  Here are the technical details:

RealVNC version: 4.1.3
IP address: 121.32.14.72 (somewhere in China, apparently)
password: 12 characters, alphanumeric

In the logs there were no prior or repeated connection attempts from this or similar IP addresses, as if a brute force attack was happening.  Even at that a 12-character password should be relatively strong.  To me this looks like an authentication bypass vulnerability reminiscent of the 2006 vulnerability; I hope I'm wrong.  You may want to encourage everyone to be on the lookout for suspicious VNC connections.  For now my VNC is remaining firewalled.

If you use RealVNC, please check your event logs for similar connections that you did not authorize.  Use the "comment" section below to post brief thoughts, or, if you have a lot of information to submit, use our contact form.

Marcus H. Sachs
Director, SANS Internet Storm Center
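
One way to run the log check requested above, as an added example (not code from ISC, the reader, or RealVNC): it separates successful connections that follow failed logins from those with no preceding failures, which is the pattern the reader reports. The comma-separated format, event names and addresses are constructed assumptions; map your own event-log export onto them.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample: "ISO timestamp, event, source IP", a hypothetical
# normalised export of VNC server events, not RealVNC's native log format.
# Addresses are from documentation ranges.
SAMPLE_LOG = """\
2009-09-03T09:00:12,auth_failed,198.51.100.7
2009-09-03T09:00:15,auth_failed,198.51.100.7
2009-09-03T09:00:19,auth_failed,198.51.100.9
2009-09-03T09:01:02,connected,198.51.100.7
2009-09-03T12:30:00,connected,192.0.2.10
2009-09-03T17:45:41,connected,203.0.113.72
"""

def parse(text):
    """Yield (timestamp, event, ip) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]), parts[1],
                   ipaddress.ip_address(parts[2]))
        except ValueError:
            continue

def review_connections(text, trusted, window=timedelta(hours=24), prefix=24):
    """Classify each successful connection from outside the trusted networks:
    'after_failures' if failed logins from the same /prefix preceded it within
    the window, 'no_prior_failures' otherwise (the case the reader describes)."""
    trusted = [ipaddress.ip_network(n) for n in trusted]
    failures, findings = [], []
    for ts, event, ip in sorted(parse(text), key=lambda e: e[0]):
        if event == "auth_failed":
            failures.append((ts, ip))
        elif event == "connected" and not any(ip in n for n in trusted):
            near = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            prior = sum(1 for fts, fip in failures
                        if ts - fts <= window and fip in near)
            verdict = "after_failures" if prior else "no_prior_failures"
            findings.append((ts.isoformat(), str(ip), verdict, prior))
    return findings

if __name__ == "__main__":
    for finding in review_connections(SAMPLE_LOG, trusted=["192.0.2.0/24"]):
        print(finding)
```

A `no_prior_failures` result does not by itself prove an authentication bypass; it marks the sessions that need a manual look first.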

 


seclists.org Outage

Published: 2009-09-03
Last Updated: 2009-09-03 15:46:40 UTC
by Marcus Sachs (Version: 1)
1 comment(s)

It appears that seclists.org is offline.  That impacts some security mailing lists like Full Disclosure, nmap-dev, and portions of the Insecure.org site.  We don't know why the site is down, but it appears that all of the message archives are missing too.  More details will follow as we receive them.  If you have any first-hand knowledge about why the site is down please let us know via our contact form.

Marcus H. Sachs
Director, SANS Internet Storm Center

