Prologue: There isn't going to be a "Bouncing Malware" installment today. I've been mighty busy over the last week or so (anyone want to come help me sand the peeling stain off my deck?) and I've not had time to work on one. Soon. I promise.
Cisco CCO Password Issue
Ever have one of those days? Looks like Cisco is having one of those months... It appears that something has happened to compromise the passwords for their Cisco Connection Online service. What exactly happened? Cisco isn't saying.
Attempting to log into CCO brings up the following terse message:
<crude_sarcasm> Note: I do, indeed, know what caused this issue, but I've been enjoined from disclosing it until next year's Black Hat. </crude_sarcasm>
Gotta love that last bullet point... It reinforces that old security maxim: All the technology in the world won't save you from doing something dumb.
Update: A tip o' the always stylish Handler-On-Duty propeller beanie goes out to Scott who wondered whether Cisco is having Pancho check for differences in the "From:" and "Reply-To:" addresses on messages to email@example.com before sending out a password. He is...
Follow the Bouncing... uh... ummm... Vulnerability?
Yesterday, we reported that there was a recently announced vulnerability in (can you say "ironic"?) Metasploit.
When we reported it, it was a vulnerability.
Then it wasn't....
Seems that the issue wasn't in Metasploit itself, but could be triggered if a vulnerable third-party terminal program was used along with Metasploit.
In keeping with Liston's Third Law ("The amount of Irony in the universe is a constant"), another real vulnerability popped up to take its place. It seems as though there is an issue in MSFWeb (the Metasploit Framework Web interface) that could allow for unauthorized access. Either run "msfupdate" or wait for version 2.5.0. (Thanks Gilles!)
ARCserve BrightStor Exploits/Scanner
Bringing forward this note from an early update to yesterday's diary 'cause it's important...:
If you haven't already patched your BrightStor ARCserve Backup
software, now would be a really good time. At least three different
exploit codes and the code for a scanner have now been released.
Links to patches can be found in
. Here is how CA rates this
If you don't think the kiddies are jumpin' on this one,
the spike in port 6070 activity.
It Takes a Village...
Just yesterday, I received a canned message from a vendor:
This was followed by a listing of my contact information that he'd
sent to Plaxo and a link where I could sign up for his wonderful free
No, I'd rather not, thank you.
Over the past few years, I've noticed the rising tide of online "communities." And like some sort of unholy sludge, they've increasingly been floating across the Internet and seeping their way into my inbox.
Stop it now.
Both Plaxo and the recently discovered (for me) sms.ac entice users to "import and invite" their contacts. They make it easy, giving the clueless noobs step-by-step instructions on how to upload the contents of their contact lists.
If you happen to have someone's contact information, that person gave that contact information to you. If they wanted their information given to Plaxo or sms.ac, they would give it to them. Do you go around posting your friend's phone numbers on bathroom walls? Do you walk up to strangers on the street and give them Aunt Mildred's P.O. Box? How about your teenage daughter's IM identity?
Needless to say, Mr. Vendor (and his boss) got a quick phone call from me, wherein I pointed out my belief that some village somewhere must be missing its idiot.
Don't follow in his footsteps. Your village needs you...
...Workin' On Mysteries Without Any Clues...
Not as strange and mysterious as what you might find in the back of a '60 Chevy:
but interesting none-the-less.
(w/apologies to Mr. Seger)
Google Hack Honeypot
Interesting concept. Check it out
Tom Liston - Intelguardians Network Intelligence, LLC
Aug 3rd 2005
Aug 3rd 2005
1 decade ago