I was able to download it eventually with IE10 Annoyingly, they want a Java runtime environment in which to run the app...
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Fri, Feb 1, 2013 at 8:11 AM, Ziots, Edward <ezi...@lifespan.org> wrote: > Same here and IE 8/9**** > > ** ** > > Z**** > > ** ** > > Edward E. Ziots, CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > ezi...@lifespan.org**** > > ** ** > > This electronic message and any attachments may be privileged and > confidential and protected from disclosure. If you are reading this > message, but are not the intended recipient, nor an employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that you are strictly prohibited from copying, printing, > forwarding or otherwise disseminating this communication. If you have > received this communication in error, please immediately notify the sender > by replying to the message. Then, delete the message from your computer. > Thank you.**** > > *[image: Description: Description: Lifespan]* > > ** ** > > ** ** > > *From:* Kurt Buff [mailto:kurt.b...@gmail.com] > *Sent:* Thursday, January 31, 2013 8:11 PM > > *To:* NT System Admin Issues > *Subject:* Re: Ouch - UPnP**** > > ** ** > > Worked for me in FF.**** > > On Thu, Jan 31, 2013 at 4:47 PM, Andrew S. Baker <asbz...@gmail.com> > wrote:**** > > Yes, but so far, it's not cooperating in Chrome or FF...**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > ** ** > > On Thu, Jan 31, 2013 at 6:35 PM, Kurt Buff <kurt.b...@gmail.com> wrote:*** > * > > That page has the download link on it.**** > > ** ** > > On Thu, Jan 31, 2013 at 3:24 PM, Andrew S. Baker <asbz...@gmail.com> > wrote:**** > > Are you actually able to download via that link?**** > > > **** > > **** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > **** > > ** ** > > On Thu, Jan 31, 2013 at 4:07 PM, Ziots, Edward <ezi...@lifespan.org> > wrote:**** > > > http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp > **** > > **** > > Nice detection utility which will help out the home users. **** > > **** > > Z**** > > **** > > Edward E. Ziots, CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > ezi...@lifespan.org**** > > **** > > This electronic message and any attachments may be privileged and > confidential and protected from disclosure. If you are reading this > message, but are not the intended recipient, nor an employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that you are strictly prohibited from copying, printing, > forwarding or otherwise disseminating this communication. If you have > received this communication in error, please immediately notify the sender > by replying to the message. Then, delete the message from your computer. > Thank you.**** > > *[image: Description: Description: Lifespan]***** > > **** > > **** > > *From:* Ziots, Edward [mailto:ezi...@lifespan.org] > *Sent:* Thursday, January 31, 2013 1:04 PM**** > > > *To:* NT System Admin Issues > *Subject:* RE: Ouch - UPnP**** > > *Importance:* High**** > > **** > > Cross post from Bugtraq, **** > > **** > > DefenseCode Security Advisory**** > > http://www.defensecode.com/**** > > **** > > **** > > Broadcom UPnP Remote Preauth Root Code Execution Vulnerability**** > > **** > > **** > > Advisory ID: DC-2013-01-003**** > > Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution > Vulnerability Advisory URL: > http://www.defensecode.com/subcategory/advisories-28**** > > Software: Broadcom UPnP software**** > > Vulnerable: Multiple router manufacturers Vendor Status: Vendors contacted > Initial Release Date: 2013-01-15 Release Date Postponed To: 2013-01-31**** > > Risk: Critical**** > > **** > > **** > > **** > > 1. General Overview**** > > ===================**** > > **** > > During the security evaluation of Cisco Linksys routers for a client, we > have discovered a critical security vulnerability that allows remote > unauthenticated attacker to remotely execute arbitrary code under root > privileges.**** > > Upon initial vulnerability announcement a few weeks ago Cisco spokesman > stated that only one router model is vulnerable - WRT54GL.**** > > We have continued with our research and found that, in fact, same > vulnerable firmware component is also used in at least two other Cisco > Linksys models - WRT54G3G and probably WRT310N. Could be others.**** > > **** > > Moreover, vulnerability turns out even more dangerous, since we have > discovered that same vulnerable firmware component is also used across many > other big-brand router manufacturers and many smaller vendors.**** > > **** > > Vulnerability itself is located in Broadcom UPnP stack, which is used by > many router manufacturers that produce or produced routers based on > Broadcom chipset.**** > > We have contacted them with vulnerability details and we expect patches > soon. However, we would like to point out that we have sent more than 200 > e-mails to various router manufacturers and various people, without much > success.**** > > **** > > Some of the manufacturers contacted regarding this vulnerability are > Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, US Robotics, and so > on.**** > > Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom > UPnP chipset. You can check how many manufacturers use Broadcom chipset*** > * > > here: http://wiki.openwrt.org/toh/start (search for Broadcom, brcm or > bcm).**** > > **** > > We don't know exactly how many of them are affected, since we were unable > to contact all of them, but we suspect there are probably tens of millions > vulnerable routers out there.**** > > **** > > **** > > Edward E. Ziots, CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > ezi...@lifespan.org**** > > **** > > This electronic message and any attachments may be privileged and > confidential and protected from disclosure. If you are reading this > message, but are not the intended recipient, nor an employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that you are strictly prohibited from copying, printing, > forwarding or otherwise disseminating this communication. If you have > received this communication in error, please immediately notify the sender > by replying to the message. Then, delete the message from your computer. > Thank you.**** > > *[image: Description: Description: Lifespan]***** > > **** > > **** > > *From:* David Lum [mailto:david....@nwea.org <david....@nwea.org>] > *Sent:* Thursday, January 31, 2013 12:37 PM > *To:* NT System Admin Issues > *Subject:* RE: Ouch - UPnP**** > > **** > > See the thread called “Shocking? Somehow, not...”**** > > **** > > Having a more descriptive subject line like yours is far too logical J**** > > **** > > *From:* N Parr [mailto:npar...@mortonind.com <npar...@mortonind.com>] > *Sent:* Thursday, January 31, 2013 9:30 AM > *To:* NT System Admin Issues > *Subject:* Ouch - UPnP**** > > **** > > > http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/?tag=nl.e757&s_cid=e757 > **** > > **** > > Guess it would mostly affect home users but they are going to be the ones > who would never hear about it for be able to fix it.**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<image001.jpg>>