[Full-disclosure] [IMF 2011] Call for Papers
Dear all,

for your information. Please excuse possible cross postings.

CALL FOR PAPERS

IMF 2011
6th International Conference on IT Security Incident Management & IT Forensics

May 10th - 12th, 2011
Stuttgart, Germany

Conference Background

IT-Security has become a steady concern for all entities operating IT-Systems. These include enterprises, governmental and non-governmental organizations, as well as individuals. Yet, despite high-end precautionary measures taken, not every attack or security mishap can be prevented and hence incidents will go on happening. In such cases forensic capabilities in investigating incidents in both technical and legal aspects are vital to understand their issue and feed back the knowledge gained into the security process.

Documenting the measures taken to prevent or minimize damage to own or external IT infrastructure provides legal rear cover if an involved party decides to start proceedings. In a possible lawsuit emerging from such an incident, its treatment in a forensically proper way is crucial to be able to possibly claim for damages or prevent from being threatened by claims of third parties. Thus, capable incident response and forensic procedures have become an essential part of IT infrastructure operations.

In law enforcement IT forensics is an important branch and its significance constantly increases since IT has become an essential part in almost every aspect of daily life. IT systems produce traces and evidence in many ways that play a more and more relevant role in resolving cases.

Conference Goals

IMF's intent is to gather experts from throughout the world in order to present and discuss recent technical and methodical advances in the fields of IT security incident response and management and IT forensics. The conference provides a platform for collaboration and exchange of ideas between industry (both as users and solution providers), academia, law-enforcement and other government bodies.

Conference Topics

The scope of IMF 2011 is broad and includes, but is not limited to the following areas:

IT Security Incident Response
- Procedures and Methods of Incident Response
- Formats and Standardization for Incident Response
- Tools Supporting Incident Response
- Incident Analysis
- CERTs/CSIRTs
- Sources of Information, Information Exchange, Communities
- Dealing with Vulnerabilities (Vulnerability Response)
- Monitoring and Early Warning
- Education and Training
- Organizations
- Legal and Enterprise Aspects (Jurisdiction, Applicable Laws and Regulations)

IT Forensics
- Trends and Challenges in IT Forensics
- Application of forensic techniques in new areas
- Techniques, Tools in Procedures IT Forensics
- Methods for the Gathering, Handling, Processing and Analysis of Digital Evidence
- Evidence Protection in IT Environments
- Standardization in IT Forensics
- Education and Training
- Organizations
- Legal and Enterprise Aspects (Jurisdiction, Applicable Laws and Regulations)

Submission Details

IMF invites to submit full papers, presenting novel and mature research results as well as practice papers, describing best practices, case studies or lessons learned of up to 20 pages. Proposals for workshops, discussions and presentations on practical methods and challenges are also welcome.

All submissions must be written in English (see below), and either in postscript or PDF format. Authors of accepted papers must ensure that their papers will be presented at the conference. Submitted full papers must not substantially overlap papers that have been published elsewhere or that are simultaneously submitted to a journal or a conference with proceedings.

All submissions will be reviewed by the program committee and papers accepted to be presented at the conference will be included in the conference proceedings.

Details on the electronic submission procedure as well as detailed registration information and formatting instructions are provided on the conference web site (http://www.imf-conference.org/).

Language

IMF 2011's scope is international hence all submissions must be written in English. Presentations of
[Full-disclosure] Fwd: [CASE:12632] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
FYI, HumanWare is tracking this as CASE:12632

Cheers,
--scm

-- Forwarded message --
From: Tom Burton tom.bur...@humanware.com
Date: Tue, Oct 5, 2010 at 9:05 AM
Subject: RE: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
To: Shawn Merdinger shawn...@gmail.com

Hello Shawn,

Thanks for forwarding this information onto us. We will make our developers aware.

Kind regards,
Tom

Tom Burton
Technical Support Assistant
HumanWare Europe

-Original Message-
From: Shawn Merdinger [mailto:shawn...@gmail.com]
Sent: 01 October 2010 22:49
To: EU. Support; US info; au-sa...@humanware.com
Subject: Fwd: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

-- Forwarded message --
From: Sabahattin Gucukoglu m...@sabahattin-gucukoglu.com
Date: Fri, Oct 1, 2010 at 5:31 PM
Subject: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
To: braillen...@list.humanware.com
Cc: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com, me-ma...@sabahattin-gucukoglu.com, supp...@humanware.com

BrailleNote Apex offers telnet and FTP access on the standard ports, with read/write privilege on the entire file system, to all comers. No authentication is required. BrailleNote is unsafe on any network whose devices you are not in full charge of, and which (by NAT or firewall) does not protect BrailleNote from the Internet.

I am happy and sad. In a chance port scan of my entire network looking for interesting services and protocols that were not accounted for by visible configuration options in all my devices, I found this disaster staring me in the face on the least likely candidate of them all. On the one hand, now I don't need ActiveStink in order to access my files, over the network, from my Mac. I want these services running, for sure (maybe just FTP) but dammit, authentication first!
On the other hand, there is no doubt my trust in HumanWare is badly dented, as I was clearly optimistic that they would, and did, do the right thing and secure the device firmware before shipping it. Anonymous FTP and telnet are obvious, easily found and effectively exploited. If it isn't configurable, it shouldn't be enabled. I am quite sure this was the case before now. The most likely explanation is a build with a test configuration and services for development still in use on the newest model; the USB vendor string is further evidence of this. Note to self: that popular expression about assumptions turns out to be true.

KeySoft version 9.0.2 build 756, Windows CE 6.0, with telnet and FTP services.

While we await an update that either disables the services or allows the user to specify the authentication credentials, do not use your BrailleNote Apex on any untrusted network, or if you are network administrator, temporarily prohibit these devices from connecting to your networks. If bad guys are on your network, the BrailleNote Apex is, alas, easy meat.

Cheers,
Sabahattin

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: [CASE:12632] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
On 5 Oct 2010, at 14:24, Shawn Merdinger wrote:

> FYI, HumanWare is tracking this as CASE:12632

Thank you. Here is the workaround for now. Telnet into the device one last time and do:

    services unregister ftpd
    services unregister telnetd
    softreset

That reboots the device without telnet or FTP. A memory erase (4-5-6-reset or J-K-L-reset) restores the bad behaviour, but this shouldn't be a practical problem until the software is updated.

Cheers,
Sabahattin
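
One way to confirm from another machine that the workaround in the message above took effect, and to re-check after a memory erase, is to probe the two ports named in the advisory. This is an added example, not part of the original thread; the function names, the timeout and the banner heuristics are assumptions, and the script only reads whatever greeting the service sends on connect.

```python
import socket

# Ports taken from the advisory ("telnet and FTP access on the standard ports").
SERVICES = {"ftp": 21, "telnet": 23}


def probe(host, port, timeout=2.0):
    """Connect to host:port and return (state, detail); state is 'open' or 'closed'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, unreachable or timed out: nothing is accepting connections here.
        return ("closed", "")
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)  # read only what the service volunteers
        except OSError:
            data = b""
    if data.startswith(b"220"):    # FTP servers greet with reply code 220
        return ("open", "FTP greeting")
    if data[:1] == b"\xff":        # telnet servers open with an IAC option byte
        return ("open", "telnet option negotiation")
    return ("open", "no recognised banner")


def audit(host, services=SERVICES, timeout=2.0):
    """Probe every named service and return {name: (state, detail)}."""
    return {name: probe(host, port, timeout) for name, port in services.items()}


def still_exposed(results):
    """Names of services that still accept connections, sorted."""
    return sorted(name for name, (state, _) in results.items() if state == "open")


if __name__ == "__main__":
    import sys
    # Address of a device you administer; defaults to the local machine.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = audit(host)
    for name, (state, detail) in sorted(report.items()):
        print(f"{name:7} {state:6} {detail}")
    sys.exit(1 if still_exposed(report) else 0)
```

A non-zero exit status means at least one of the two services still answers, which makes the script usable as a scheduled check on networks where these devices are allowed.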
[Full-disclosure] Vulnerabilities in CMS WebManager-Pro
Hello Full-Disclosure!

I want to warn you about Arbitrary File Uploading and Code Execution vulnerabilities in CMS WebManager-Pro. It's Ukrainian commercial CMS.

SecurityVulns ID: 11176.

Affected products:

Vulnerable are both systems CMS WebManager-Pro from two developers. Vulnerable are versions CMS WebManager-Pro v.7.0 (version from WebManager) and previous versions, and also CMS WebManager-Pro v.7.4.3 (version from FGS_Studio) and previous versions.

Details:

Arbitrary File Uploading (WASC-42):

In admin panel in section files (http://site/admin/files.php) uploading of arbitrary files is possible.

Code Execution (WASC-31):

In admin panel in section files (http://site/admin/files.php) uploading of php-scripts is possible.

This concerns of all versions CMS WebManager-Pro from FGS_Studio, and also versions WebManager-Pro from WebManager up to 7.0 inclusive. But the sites occur with this CMS version 7.0 and higher, where there is a protection (on site level) from execution of php-scripts, in such case only Arbitrary File Uploading is possible.

Timeline:

2010.07.10 - announced at my site.
2010.07.11 - informed developers.
2010.10.02 - disclosed at my site.

I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/4362/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[Full-disclosure] [ GLSA 201010-01 ] Libpng: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 201010-01
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Libpng: Multiple vulnerabilities
      Date: October 05, 2010
      Bugs: #307637, #324153, #335887
        ID: 201010-01

Synopsis
========

Multiple vulnerabilities in libpng might lead to privilege escalation or a Denial of Service.

Background
==========

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.

Affected packages
=================

     Package             /  Vulnerable  /  Unaffected
    --------------------------------------------------
  1  media-libs/libpng       < 1.4.3        >= 1.4.3

Description
===========

Multiple vulnerabilities were found in libpng:

* The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205)

* A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205)

* A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249)

Impact
======

An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3"

References
==========

[ 1 ] CVE-2010-0205
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
[ 2 ] CVE-2010-1205
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
[ 3 ] CVE-2010-2249
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201010-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [USN-999-1] Kerberos vulnerability
===========================================================
Ubuntu Security Notice USN-999-1           October 05, 2010
krb5 vulnerability
CVE-2010-1322
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 10.04 LTS:
  krb5-kdc    1.8.1+dfsg-2ubuntu0.3

Ubuntu 10.10:
  krb5-kdc    1.8.1+dfsg-5ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Mike Roszkowski discovered that the Kerberos KDC did not correctly validate the contents of certain messages. If an authenticated remote attacker sent specially crafted TGS requests, the KDC service would crash, leading to a denial of service.

Updated packages for Ubuntu 10.04 LTS: