Cisco product shipped with backdoor

March 17, 2008 – 4:57 AM

Cisco has reported a critical security hole in CiscoWorks Internetwork Performance Monitor (IPM), the network availability monitoring component of the CiscoWorks LAN Management Solution (LMS). According to the advisory, commands can be executed remotely on the underlying Solaris or Windows operating system without authentication.

Cisco reports that the problem is due to the IPM starting a process that binds a shell to a randomly selected TCP port. The shell executes commands entered there at system privilege level under Windows and at casuser privilege level under Solaris. Version 2.6 is affected. An update is available. Cisco has rated the hole as critical and advises all users to install the update as soon as possible.

Cisco’s advisory does not describe how this unusual vulnerability came about. The vendor says that no exploits have been reported so far.

Source…

Six Steps to a Faster Broadband Connection

March 16, 2008 – 5:23 PM

If you’re serious about the Internet, chances are you spend anywhere from $30 to $99 per month for a broadband Internet connection. But regardless of how much you pay, are you getting all the speed that your ISP promised you? And does your connection persist reliably without dropping out frequently or requiring modem reboots? With our quick guide, you can squeeze every last kilobit-per-second (kbps) of throughput out of your broadband modem and keep your connection running smoothly.

1. Test Your Connection Speed

Before you start tweaking, get a baseline reading of your downstream and upstream connection speeds at Speedtest.net. If possible, measure the speeds at different times of day, especially during the hours when you use the connection most frequently, and at least once after midnight or 1:00 a.m. (when competition for bandwidth is likely to be at its lowest level).

2. Update Your Firmware or Get a New Modem

If your cable or DSL modem is more than a couple of years old, ask your Internet service provider for a new one. The exchange will probably be free; and if there is a fee, you can usually waive it by agreeing to a new one-year contract. The latest cable modems meet the DOCSIS 2.0 (Data Over Cable Service Interface Specification) standard. If you have a 1.1 modem and a high-throughput plan, you’ll likely experience a large speed increase just by swapping modems.

Even with a brand-new modem, make sure that you have the latest firmware installed. I upgraded my two-year-old Efficient Networks 5100b DSL modem from firmware version 1.0.0.39 to 1.0.0.53, and immediately saw my Speedtest throughput increase from 5.3 mbps to 5.9 mbps, just a hair below the 6 mbps that I’m paying for. Cable providers such as Comcast usually push new firmware to modems, so there’s no need for most cable modem users to perform upgrades themselves.

Read the rest of this story…

Anatomy of a hack attack

March 16, 2008 – 7:33 AM

Monday, 9am
Blackjack, a hacker working from an internet cafe in London, is about to launch an attack on a major government agency. His aim is to cause maximum disruption and embarrassment. And, according to security experts, his job is going to be worryingly easy.

“Most organisations have dozens of vulnerabilities they haven’t patched, or aren’t even aware of,” said Toralv Dirro, a security strategist with McAfee. “Even if a penetration-testing service says you’re not vulnerable, that only means they haven’t found a vulnerability, not that one doesn’t exist.”

Blackjack has spent weeks researching his target, identifying names of employees, partners and current projects. He has identified a potential way into the network through People Inc, a staffing agency that provides temporary workers to the public sector and which has direct links to the government agency’s website and HR database.

Using tools that are available online, Blackjack is able to identify People Inc’s web server and database server and then uses a simple SQL injection or cross-scripting technique to gain access to the web server.

This is a relatively common and simple hacking technique, explained Rhodri Davies, a technical architect with security specialist Vistorm. “Basically, the attacker uses the existing interface but, rather than entering information, they write a command for the back-end database,” he said. “For example, rather than entering a username, you command the database to send back a list of usernames and passwords.”
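The behaviour Davies describes, as an added example that is not part of the original article: a username lookup built by string concatenation beside the same lookup with a bound parameter, run against a constructed in-memory SQLite table. The table layout, function names and sample values are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory accounts table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return db


def lookup_concatenated(db, username):
    """Weak form: the form field is pasted into the SQL text itself,
    so whatever the user typed is parsed as part of the statement."""
    sql = ("SELECT username, password_hash FROM users "
           "WHERE username = '" + username + "'")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    """Hardened form: the statement text is fixed and the field value
    is bound as data, so it can only ever be compared as a string."""
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def compare(field_value):
    """Run both lookups on the same input and return (weak, hardened)."""
    db = make_db()
    return (lookup_concatenated(db, field_value),
            lookup_parameterized(db, field_value))


if __name__ == "__main__":
    # An ordinary username behaves identically in both forms.
    print(compare("alice"))
    # A field value containing quote characters (constructed) changes the
    # WHERE clause in the weak form and matches no row in the hardened one.
    weak, hardened = compare("x' OR '1'='1")
    print(len(weak), "rows from concatenated query")
    print(len(hardened), "rows from parameterized query")
```

The weak form also breaks on legitimate input such as a surname containing an apostrophe, which is often the first visible sign of the defect in application logs.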

Read the rest of this story…

Is this website down for everyone or is it just you?

March 15, 2008 – 3:36 PM

Down for everyone or just me?

Have you ever tried to visit a web page only to get the dreaded 404 error or another message, even though the site was working just fine an hour ago? You might be trying to determine if your favorite software and technology blog has crashed due to billions of page refreshes as we liveblog the launch of OS X 10.9.7.1.5.2.4.7.1.3. Or maybe you’re just trying to see if your own hosting company has dropped the ball. Either way, there’s a service that can help.

Down for everyone or just me does one thing, and it does it well. Type a URL into the site, and you’ll find out if the whole world is seeing what you’re seeing. Easy as pie. You know, eating it, not making it. There’s no info on the site explaining exactly how it checks to see if a site is up, but the results appear to be at least as accurate as emailing your friend and asking for a second opinion.

Now, we’re big fans of giving products and services a descriptive name. And Down for everyone or just me certainly does that. But if you have any use for this service at all, we suggest you bookmark the site, because seriously, who’s going to remember a URL like downforeveryoneorjustme.com?

Source…

The Anatomy of a Vishing Scam

March 15, 2008 – 3:29 PM

A series of well-orchestrated wireless phone-based phishing attacks against several financial institutions last week illustrates how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies.

The scams in this case took the form of a type of phishing known as “vishing,” wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a 1-800 number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down).

According to Lawrence Baldwin, the security forensics professional who was called in to help investigate, the attacks went down like this: The scammers targeted customers of multiple financial institutions, sending the text message lures solely to mobile numbers assigned to customers who lived in the geographic regions served by the individual institutions. For example, one scam targeting Motorola Employees Credit Union was sent only to Cingular mobile numbers assigned to consumers in the Schaumburg, Ill., area, where Motorola is headquartered. Yet another vishing attack sought Qwest customers in the Boulder region who may have belonged to the Boulder Valley Credit Union.

A third vishing attack, against the Bank of the Cascades, produced an unusual response from the institution. In a message on its home page, Bank of the Cascades urges people who have received the messages to “Call your cell phone service provider immediately to alert them of the fraud and discuss their recommendations for handling scam text messages.” Here’s the only recommendation Bank of Cascades customers need: “We didn’t send it, just delete it or ignore it. If you fell for the scam, give us a call or come on in.”

Read the rest of this story…