[swinog] Critical vulnerability in Magento: Many Swiss sites are still vulnerable
FYI, the guys at https://twitter.com/GovCERT_CH didn't want to join the SwiNOG ML, so I copied the URL to this e-mail :) http://www.govcert.admin.ch/blog/4/critical-vulnerability-in-magento-many-swiss-sites-are-still-vulnerable Cheers Marco ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Safe Browsing Alerts for Network Administrators
Hi Network Administrators! If you wanna know what dangerous things happen on your own or your customers website (across your ASN), then this tool might be in your interest: "Today, we’re happy to announce Google Safe Browsing Alerts for Network Administrators -- an experimental tool which allows Autonomous System (AS) owners to receive early notifications for malicious content found on their networks. A single network or ISP can host hundreds or thousands of different websites. Although network administrators may not be responsible for running the websites themselves, they have an interest in the quality of the content being hosted on their networks. We’re hoping that with this additional level of information, administrators can help make the Internet safer by working with webmasters to remove malicious content and fix security vulnerabilities." Reference: http://googleonlinesecurity.blogspot.com/2010/09/safe-browsing-alerts-for-network.html Service itself: http://safebrowsingalerts.googlelabs.com/ Marco Huggenberger SwissIX Internet Exchange ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Swinog#20
Dear SwiNOG Core On behalf of the SwissIX board and probably most of todays participant at SwiNOG20 I would like to thank you guys for the organisation of this highly interesting and interconnecting event on top of berne! Hope to see you again later this year... Cheers Marco Huggenberger SwissIX Internet Exchange ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Looking for cisco spare part...
Hi Guys I'm looking for a Cisco 7300-CC-PA or a NSE-150 for a Cisco 7304 for 3-4 weeks. Please contact me *offlist* about details. Cheers Marco ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] FYI: 4th update of the following warning: several email waves target Swiss computers with malware
FYI Mail- and System Administrators: "several email waves target Swiss computers with malware" english: http://www.melani.admin.ch/dienstleistungen/archiv/01051/index.html?lang=en german: http://www.melani.admin.ch/dienstleistungen/archiv/01051/index.html?lang=de french: http://www.melani.admin.ch/dienstleistungen/archiv/01051/index.html?lang=fr italian: http://www.melani.admin.ch/dienstleistungen/archiv/01051/index.html?lang=it the rss-feed is also available in our 4 languages: = en|de|fr|it http://www.melani.admin.ch/dienstleistungen/newsletter/00197/index.html?lang= Cheers Marco ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Power outage in Schlieren this morning
Statement from EKZ (german only): Stromausfälle in Schlieren und Opfikon Am Morgen des 14. August 2007 ist in Schlieren als auch in Opfikon der Strom ausgefallen. In Schlieren hat um 10.12 Uhr ein Kurzschluss in einer privaten Transformatorenstation eines Geschäftskunden einen gut halbstündigen Stromausfall in Teilen von Schlieren verursacht, während für Kunden des EW Opfikon um 8.20 Uhr ebenfalls aufgrund eines Kurzschlusses bei Umbauarbeiten im EKZ Unterwerk für 13 Minuten die Stromversorgung unterbrochen war. In Schlieren ist heute morgen um 10.12 Uhr in den Gebieten Rietbachstrasse, Zentrum Schlieren, Bahnhof, Schulstrasse, Hübler bis zur Stadtgrenze Zürich der Strom für gut eine halbe Stunde ausgefallen. Grund dafür war ein Isolatorendefekt in einer Transformatorenstation eines EKZ Geschäftskunden, welcher einen Kurzschluss und die Ausschaltung einer EKZ Mittelspannungsleitung zur Folge hatte. Zur Behebung des Stromausfalls beim Geschäftskunden haben die EKZ bis zur Reinigung und Reparatur der Station vor Ort eine Notstromgruppe eingerichtet. Alle Kunden in Schlieren, Urdorf sowie Ober- und Unterengstringen bemerkten den Spannungseinbruch. Knapp 7000 Kunden des EW Opfikon konnten heute morgen ab 8.20 Uhr für 13 Minuten nicht mit Strom versorgt werden. Dies aufgrund eines Kurzschlusses im EKZ Unterwerk Opfikon, welcher bei Umbauarbeiten durch einen technischen Defekt aufgetreten ist. URL: http://www.ekz.ch/internet/ekz/de/medien/medienmitteilung/archiv/2007/august/opfikon.html ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] FYI: [c-nsp] Cisco recall on 3560 and 3750 switches and PWR-2300RPS
-- Forwarded message -- From: Hank Nussbacher <[EMAIL PROTECTED]> Date: 24.04.2007 01:00 Subject: [c-nsp] Cisco recall on 3560 and 3750 switches and PWR-2300RPS To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] "Although there has not been a reported safety incident, Cisco is aware of a potential safety issue that can be caused by a welded nut breaking free inside the switch and Redundant Power Supply (RPS). Tightening the mounting screws used to secure the power supply or blower module to the switch or the RPS can lead to a welded nut on the interior to the switch or RPS breaking free from the chassis sheet metal. A risk of electric shock may exist if the chassis is not properly grounded and the loose nut comes in contact with the power supply line-in and chassis." There is no workaround. To check whether your switch needs to be replaced and to submit your details for the RMA go to the following page: http://www.cisco.com/en/US/customer/products/ps7077/products_field_notice09186a008082a7c8.shtml [available to registered users] This alert is not only for 3560 and 3750 switches but also for owners of RPS - PWR-2300RPS. This RPS can affect the following equipment: • Cisco Catalyst 3750-E Series Switches • Cisco Catalyst 3750 Series Switches • Cisco Catalyst 3560-E Series Switches • Cisco Catalyst 3560 Series Switches • Cisco Catalyst 3550 Series Switches • Cisco Catalyst 2960 Series Switches • Cisco Catalyst 2950 Series Switches • Cisco Catalyst Express 500 Series Switches (select PoE models only) • Cisco 3825 Integrated Services Routers • Cisco 2851 Integrated Services Routers • Cisco 2821 Integrated Services Routers • Cisco 2811 Integrated Services Routers Regards, Hank Nussbacher http://www.interall.co.il ___ cisco-nsp mailing list [EMAIL PROTECTED] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Reminder: ORDB.org is shutting down
Hi Folks Just to remind you: ORDB.org is shutting down [1] and I realized that many swiss ISPs are using this database [2] "We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin). DNS and the mailing lists will vanish today, December 18, 2006. This website will vanish by December 31, 2006." Cheers M. [1] http://www.ordb.org/news/?id=38 [2] http://www.ordb.org/using/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] BGP problems at Cablecom?
Hi Matthias 2006/12/3, Matthias Hertzog <[EMAIL PROTECTED]>: In my opinion, it makes no sense to use DNS that are not "near". Normally, the caching-only DNS from the direct uplink/feed should be used. I understand, that CC DNS seem not to give correct answers, but using foreign DNS should only be a temporary solution to that problem. Also die ORSN Server sind nahe ;) Gruss Marco Operator of ORSN Root Server H ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] SwissIX down and up again?
Hi Milan (and all other SwissIX Participants on the SwiNOG-List) Milan Trenka schrieb: Has someone else sessions lost on SwissIX this evening? What's happend? See: http://mailman.dolphins.ch/cgi-bin/mailman/private/swissix/2006-May/000235.html for details. Cheers Marco Huggenberger SwissIX Board Member ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hosting Management Tool
Hi Manuel On Sun, 19 Feb 2006 20:14:30 +0100, Manuel Krummenacher wrote > If I understood correctly, VHCS, syscp and ISPconfig only manage one > server. I'd like to have the same mail accounts and dns zones on a > secondary server (backup MX, secondary DNS). Any idea how to manage > that? I thought maybe I can install VHCS on both systems and copy the > VHCS DB to the secondary server using MySQL replication. But you > probably got a better solution. You can do that by using MySQL replication (which works for the most CPs) or like we did it with some dirty bash scripts (to make some exceptions, for non-productive hosts and the like). That topic was also discussed some weeks ago on one of the debian mailinglist and then the Hosting Control Panel-overview [1] was created within the debian-wiki [2]. I would say that most of these CPs do their job very well, but most of them do not have a solution for end-users and automated software installation/update/removal of cms-systems, wiki-systems, guestbooks, forums and the like. But since all of the CPs [1] are open source, you are open to integrate your requirements to the front end. If you're really wanna take the "best tool" for your requirements, then maybee you have to create something like the overview at forensoftware [3]. Please drop me a line if you wanna collect all the information on our SwiNOG Wiki [4]. HTH and have a good start into the new week! -- Cheers Marco Huggenberger "huggi" [1]: http://wiki.debian.org/HostingControlPanels?highlight=%28Panel%29%7C%28Control%29 [2]: http://wiki.debian.org [3]: http://www.forensoftware.de/ [4]: http://wiki.swinog.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: AW: [swinog] couple of sunrise dsl outages
2005/12/6, Nik Hug <[EMAIL PROTECTED]>: > Hopefully Santa has its VPN from Telenor and not TDC otherwise this will >lead to a reindeer-grounding tonight. Hmm Nik! Don't you know that sunrise has outsourced santa: http://www.ianai.net/jokes/BangaloreSanta.jpeg Happy santa! M. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: AW: [swinog] future of dsl
Alain Stucki schrieb: I think no one need ADSL with 20MB traffic limit, the good, old 56k modem is a much better solution for these "Gelegenheits-surfer" No basic free, no traffic limit.. You pay exactly what you get.. Or if you just need DSL in the night, use ADSLnight ;) http://www.init7.net/adsl-night.php Cheers M. Things you can do on friday (if you have nothing to do): Join the openBC-Swinog-Forum at: https://www.openbc.com/net/swinog/ Write articles on the new swinog-wiki*: http://wiki.swinog.ch/index.php/Main_Page *If you need an account just drop me a line to marco-at-by-night.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] FYI: MELANI-Information: Social Engineering mittels E-Mail
" Information: Social Engineering mittels E-Mail (10.05.2005 12:22) Die rasante Verbreitung des Wurms Sober.O, der letzte Woche gefälschte E-Mails mit einer Bestätigung für Eintrittskarten zur Fussball-WM'06 in Deutschland verschickt hat, ist grösstenteils auf so genanntes Social Engineering zurückzuführen. http://www.melani.admin.ch/newsticker/00059/index.html?lang=de " -- Cheers M. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] FYI: Invitation to www.hackiis6.com
Hi Matthias! On 5/5/05, Matthias Hertzog <[EMAIL PROTECTED]> wrote: > Just drive by, put the box in the trunk and the system is offline. I offer > myself as the 'driver'. If you take a look at the "Hack IIS 6.0 Challenge Contest Rules": => A successful hack does not include: => 5. Physical attacks. Sorry for that ;) Cheers M. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] FYI: Invitation to www.hackiis6.com
FYI: -- Forwarded message -- From: Roger A. Grimes <[EMAIL PROTECTED]> Date: May 5, 2005 1:41 AM Subject: Invitation to www.hackiis6.com To: [EMAIL PROTECTED] It's not the traditional honeypot...but it is. Welcome to the HackIIS6.com Contest! Starting May 2nd and going until June 8th, the server located at http://www.hackiis6.com will welcome hackers to attack it. If you can deface the web site or capture the "hidden" document, you win an X-box! Read contest rules for what does and doesn't constitute a successful hack. We've tried to be as realistic as possible in what constitutes a successful hack, and in mimicking a basic HTML and ASP.NET web site. For the most part, almost anything reasonable constitutes a successful attack except for a massive network denial of service attack against the IIS 6 or its host provider. Not that doing a successful DoS attack wouldn't be a problem in the real world...it would be...but we aren't testing that. We want to test the security of Windows Server 2003, IIS, and other Microsoft applications. So, please, respect this one rule of the contest so everyone can have a chance at claiming the prize. Questions and Prizes If you have questions, send an email to [EMAIL PROTECTED] If you want to claim a prize, send your email, with the details listed in the official rules to [EMAIL PROTECTED] Contest Summary We are going to start the contest for the first two weeks with the very basic, static HTML web site that you are now reading. Two weeks later, we'll add an ASP.NET web site and a back-end SQL server to add more flavor and give more area to attack. We started with the basic site to prove that Microsoft's Internet Information Service (IIS) and Windows Server 2003 is secure by itself. This is to satisfy the purists who thinking hacking ASP.NET is hacking an application and not the server. So, if you've got skillz in one area versus the other, you'll have a chance to try both attack types. Once the contest stops on June 8th, we will announce the winner(s) at the upcoming June Microsoft Tech.Ed conference. The Setup This server is running Windows Server 2003, Service Pack1, with all current publicly-released patches and hotfixes installed (we ran Windows Update and MBSA just like a real admin would do). We installed IIS 6.0. and then we followed the basic recommendations (http://www.microsoft.com/technet/security/prodtech/IIS.mspx) suggested by Microsoft. I added a few tweaks here and there, to put my personal mark on the site, but nothing extraordinary. There is no non-Microsoft software involved with the exception of the host's router/firewall, which would be normal in most environments. We want to make this a test of Microsoft software. Why a hacking contest? To have fun! Sure there will be critics who say sponsoring a hacking contest proves nothing. If the IIS server remains unbroken, it still doesn't mean that IIS is really "secure." True, and if I wasn't the contest's team leader, I'd probably be the first one to yell that out. Hacking contests rarely prove something is secure, although it only takes a single successful hack to prove something is unsecure. So why do it? There are very few places on the Internet where hackers, good and bad, can hack legally. Windows IT Pro thought the contest would be a fun way to interact with the hacker community (they realize most hackers have good intentions) and bring some attention to Windows IT Pro (of course, they'll disavow all responsibility and blame me solely if the server gets hacked) . So, welcome to the contest! Hack away. If the IIS server goes unhacked during the extended time period, it might not mean that IIS is "unhackable", but if it does survive the contest it might convince a few people that it is a relatively secure web server platform. After all, over 20% of the Internet relies on it, including some of the largest web sites in the world. Happy Hacking, Roger A. Grimes Contributing editor, Windows IT Pro Magazine *** *Roger A. Grimes, Banneret Computer Security, Computer Security Consultant *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI *email: [EMAIL PROTECTED] *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 -- Cheers M. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] New Website: Open Root Server Network (ORSN)
Hi! New Website: Open Root Server Network (ORSN) is online now at: http://www.orsn.org/ - The Independent DNS Solution with IPv6 support for the European Community. On this page you can find the current operational status of our root server systems and some additional information about the ORSN project. Cheers Marco Operator of the ORSN Root Server H ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog