Samba has released an update to several versions that addresses a denial of service (DOS) on an authenticated or guest connection.  This vulnerability impacts all current released versions of Samba.

A note from the samba.org article is that "This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits", essentially This is not vulnerable to remote code execution, reducing the overall risk. 

More details can be found here and here

tony d0t carothers--gmail

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
President Barack Obama said on Friday that NSA spying revelations had given the world the wrong impression about the U.S. data surveillance programs, and he outlined a plan for correcting it.

A little over a week ago HP (Thanks for the link Ugo) put out a fix for an unspecified vulnerability on a fair number of their switches and routers.  Both their Procurve as well as the 3COM ranges.  

CVE-2013-2341  CVSS Score of 7.1 and CVE-2013-2340 CVSS Score of 10

The first one requiring authentication, the second one none and both are remotely exploitable.  The lack of detail in my view is a little bit disappointing. It would be nice to have a few more details, especially since some swithces may not be upgradable.  As the issue is across the HP and 3com range of products I guess we could assume that it has something to do with common code on both devices, which would tend to indicate maybe they are fixing openssl issues from back in february.  But that is just speculation.  If you do know more, I'd be interested in hearing from you.  In the mean time if you have HP or 3COM kit check here (https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03808969-2%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken) and start planning your patches.

I'd start with internet facing equipment first and then start working on the internal network.  Whilst upgrading the software you may want to take the opportunity to take a peek at your authentication and SNMP settings making sure you have changed those from the usual defaults (remember 3COM devices have multiple default accounts) and public or the company name are not good SNMP community strings.

Mark H - Shearwater


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The advanced notification for next Tuesday's Microsoft patches are out (http://technet.microsoft.com/en-us/security/bulletin/ms13-aug) 3 Critical and 5 Important ones are listed.  One affects every version of Internet explorer.  The rest are sprinkled between server and desktop, including RT. 

With 8 bulletins it might be an easy day (assuming that didn't just jinx it). 

Keep an eye out for our usual black Tuesday diary next week.  

Mark H - Shearwater


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The U.S. International Trade Commission has determined that Samsung infringed two smartphone patents held by Apple and that therefore some of its phones should be blocked from importation to the U.S.
Samsung has launched an ATIV Book 9 Plus laptop with Intel's latest Haswell chip that will be available for $1,400, but analysts said such sustained high prices for laptops and ultrabooks could hinder the recovery of the PC market.
U.S. President Barack Obama will work with Congress to limit data collection by the National Security Agency under the Patriot Act and will appoint an independent board to review the country's surveillance programs, he said Friday.
Juniper Networks is being investigated for possibly violating U.S. laws in foreign business practices.
A U.S. District Court judge made mistakes when she rejected Apple's request for a sales injunction against rival Samsung Electronics in a multimillion-dollar patent infringement case, Apple's lawyer argued before an appeals court Friday.
Talking on a cell phone while driving doesn't increase the risk of an accident, according to new research that looked at real-world accidents and cell-phone calls by drivers from 2002 to 2005.
A frame from a video promoting smartphone-monitoring trashcans in London.

Thursday, when Ars detailed a distributed DIY Stalking network that spied on mobile Wi-Fi users, several readers—such as this one and this one—said the article overstated the real-world threat. We disagreed then, but we're even more convinced of the potential for abuse following reports of the deployment in London of trash cans that track the unique hardware identifier of every Wi-Fi enabled smartphone that passes by.

Renew, the London-based marketing firm behind the smart trash cans, bills the Wi-Fi tracking as being "like Internet cookies in the real world" (see the promotional video below). In a press release, it boasts of the data-collection prowess of the cans' embedded Renew "ORB" technology, which captures the unique media access control (MAC) address of smartphones that belong to passersby. During a one-week period in June, just 12 cans, or about 10 percent of the company's fleet, tracked more than 4 million devices and allowed company marketers to map the "footfall" of their owners within a 4-minute walking distance to various stores.

Unparalleled insight into past behavior

"The consolidated data of the beta testing highlights the significance of the Renew ORB technology as a powerful tool for corporate clients and retailers," the Renew press release states. "It provides an unparalleled insight into the past behavior of unique devices—entry/exit points, dwell times, places of work, places of interest, and affinity to other devices—and should provide a compelling reach database for predictive analytics (likely places to eat, drink, personal habits, etc.)."

Read 7 remaining paragraphs | Comments


Feeling the pressure to become more data-driven, marketers agree that big data analytics will be an integral part of their organizations going forward. But a lack of data analytics skills and antiquated business processes are hampering their efforts.
What's the most expensive mobile phone bill in the world? How many cell phones are left in New York City cabs each day? How many hours a year are lost to Angry Birds? Find out in this eye-opening infographic.
Microsoft today took an attack ad swing at Google with a new episode in its nine-month "Scroogled" campaign, blasting Gmail's practice of dropping ads resembling emails into customers' inboxes.
LG Electronics and Motorola Mobility are betting on updated user interfaces on smartphones in a bid to differentiate their latest products, but analysts aren't convinced that's enough to break Apple and Samsung's dominance.
Taiwanese PC maker Asus plans to launch new tablets in its Transformer and MeMO Pad lines of Android tablets later this year as it aims to build up its brand in the tablet space alongside the Google Nexus 7 series.
Microsoft yesterday took another stab at boosting interest in creating apps for Windows 8 with an awards program that will hand out Xbox games and other prizes to amateur programmers.
Asustek CEO Jerry Shen confirmed today that his company will no longer produce Windows RT tablets.
Signs of life at BlackBerry are still emerging, despite recent layoffs, an $84 million quarterly loss reported in June and record-low market share.
There's a subtle but important difference between IT products and IT solutions. Both have their rightful place, but buying a product when you need a solution--and vice versa--can be costly. Unfortunately, product-pushers aren't always easy to spot.
Linux Kernel CVE-2013-4220 Multiple Local Denial of Service Vulnerabilities
Salesforce.com is raising the cost of an initial security review for paid applications in its AppExchange store from US$300 to $2,700, saying the hike will allow it to deliver the reviews much faster.

One of our readers, Tomo dropped us a note in order to assist getting the word out on this one as this issue has a potential to be very far reaching into the fields of military, medical and construction to only name a few where lives could be impacted.  

It appears there is a possibly long standing issue where copy machines are using software for some scanning features.  These features are using a standard compression called JBIG2, which is discovered to have some faults that change the original documents.  

Xerox has released two statements to date. If you are interested  in the latest info, jump to link two. [1] [2]

There is plenty of reading on this issue.  I wanted to get something out to you as soon as possible.   A very good analysis was produced by David Kriesel. [3]   He has been very good at updating that page with consist and relevent links.  A job well done by David.

David also provides very good analysis of the feature that is causing the issue with the Xerox Workcentre devices. Those are the devices in his deploy.  He cites model numbers in every post and even a work around for those affected by the issue. [4]    It  has also been discovered that since JBIG2 is a standard compression software, that other copy machine manufacturers are likely affected. [5]  

Please take this discussion to the forum and share any facts that you can.  

[1]  http://realbusinessatxerox.blogs.xerox.com/2013/08/06/#.UgTfJGR4aRN
[2]  http://realbusinessatxerox.blogs.xerox.com/2013/08/07/#.UgTgVmR4aRO
[3] http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning
[4] http://www.dkriesel.com/en/blog/2013/0806_work_around_for_character_substitutions_in_xerox_machines
[5] http://www.dkriesel.com/en/blog/2013/0808_number_mangling_not_a_xerox-only_issue


ISC Handler

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Re: Apache suEXEC privilege elevation / information disclosure
Re: Apache suEXEC privilege elevation / information disclosure
Re: Apache suEXEC privilege elevation / information disclosure
RE: [Full-disclosure] Apache suEXEC privilege elevation /
Google should lock up Chrome passwords with a master key to make casual thieves work harder.
Users of the Google Maps app will soon start seeing more ways to interact with paid content within the app, the company recently announced.
Silent Circle also shuttered its encrypted email service a few hours after Lavabit shut down citing an ongoing legal battle.
Google has added 79 patents to the list of patents for which it pledges not to sue any user, distributor or developer of open-source software, unless first attacked.
Cacti Command Injection and SQL Injection Vulnerabilities
ReviewBoard Vulnerabilities
[RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities
Edward Snowden's leaked revelations about the U.S. government's data spying program may result in U.S. cloud providers losing 10% to 20% of the foreign market to overseas competitors, according to a new study.
While a new online documentary by director Werner Herzog showcases the tragedies of four driving-while-texting crashes, public safety advocates say stricter law enforcement is needed.
D-Link DIR-600 and DIR-300 Multiple Security Vulnerabilities


InfoSec to come out with cyber security report
Hindu Business Line
Information Security Consortium (InfoSec), an independent group formed by information security services and training firms, has said that it would come out with a report every month, starting next month on cyber security. The report would carry studies ...
Ground Zero Summit 2013, Asia's Largest Information Security Conference ...Moneylife

all 4 news articles »
PuTTY 'modmul()' Function Buffer Underrun Vulnerability
PuTTY 'getstring()' Function Multiple Integer Overflow Vulnerabilities
PuTTY Private Key 'putty/sshdss.c' Multiple Information Disclosure Vulnerabilities
PuTTY DSA Signature CVE-2013-4207 Remote Buffer Overflow Vulnerability
Microsoft August 2013 Advance Notification Multiple Vulnerabilities
Internet Storm Center Infocon Status