Nabble - Info Security News (ISN)

Infamous Israeli hacker linked to $1.8M heist

2008-09-05T02:42:59Z

http://www.canada.com/windsorstar/news/business/story.html?id=df98c776-bbb9-4987-8526-6649e56c0574

Star News Services
September 05, 2008

CALGARY - Investigators spent nine months using technology and
old-fashioned sleuthing to find four suspects who allegedly stole $1.8
million from a Calgary company.

The operation involved the U.S. Secret Service and municipal police in
Calgary and Vancouver -- as well as in Montreal, where investigators
arrested four Quebec-based suspects.

Among those charged with theft of credit-card data and fraud is Ehud
Tenenbaum, an Israeli national living in Montreal. In 1998, a
19-year-old Israeli named Ehud Tenenbaum -- known online as "the
Analyzer" -- accessed computers belonging to the Pentagon.

After his conviction, Tenenbaum used his expertise to help Israeli
organizations protect their computer networks against cyber attacks.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

TIGTA: The IRS lacks secure Web servers

2008-09-05T02:42:47Z

http://www.fcw.com/online/news/153690-1.html

By Mary Mosquera
FCW.com
September 4, 2008

Unauthorized and insecure Web servers connect to the Internal Revenue
Service’s network, which puts the agency’s computers and entire network
at risk of unauthorized access to taxpayer and personally identifiable
information, the Treasury Inspector General for Tax Administration said
in a recent report [1].

The IRS has 1,811 unapproved internal Web servers on the network and
2,093 internal Web servers that have some security weaknesses, the TIGTA
report, released Sept. 3, states.

The IRS requires that business units register all internal Web sites and
Web servers with the Modernization and Information Technology Services
organization, but some fail to register their servers, the report
states. The IRS might block unregistered servers from sharing
information with the network.

Because no office had responsibility for the Web registration program,
the IRS has not enforced the requirement, allowing Web servers to
connect to the network without proper authorization and accountability,
the report states.

[1] http://www.ustreas.gov/tigta/auditreports/2008reports/200820159fr.pdf

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Re: ICANN cast as online scam enabler

2008-09-05T02:42:35Z

Forwarded from: Directi <shridhar.l (at) directi.com>

Directi's official response to inaccurate reports which falsely
implicate the Directi Group

From Bhavin Turakhia’s Desk:

There have been some articles and reports recently published by Garth
Bruen at Knujon and by Jart Armin and James Mcquad at Hostexploit, that
somehow link Directi with groups that support organized internet crime.
The motives behind these reports are still unknown, but as an
organization that prides itself in setting industry benchmarks in ethics
and best practices, we are extremely shocked by these allegations. While
I applaud the efforts of volunteers such as Knujon and Hostexploit who
spend their personal time to try and combat spam, I am personally quite
saddened when the very individuals who we trust to combat fraud engage
in publicity moves without consideration for the reputation of
legitimate businesses.

Neither Knujon nor Hostexploit extended a basic courtesy of even
contacting us to verify any of the facts in their report before
publishing the same. Directi is not even remotely related to the
organizations or activities listed in those reports. The arguments
presented in these reports are either downright baseless, or based on
complete fabrication of facts.

Various other news agencies and blogs have further referenced these
reports in the form of a story or post, once again without any attempt
to verify or validate the facts in these reports. Given the amount of
noise this has created - it is imperative that we clarify our stand and
rectify the factual inaccuracies in those reports.

The first false and inaccurate report in question is one published by
Garth Bruen of Knujon. Find below each of the factual inaccuracy or
misstatement in his report and our response to the same -

1. The report claims that “48 ICANN-accredited Registrars (affiliated
with Directi) … do not seem to exist and are phantom.” This statement
is factually incorrect, and was completely unverified by Knujon.
Knujon did not even bother to contact ICANN in this regards to get
the right facts. The truth of the matter is that all 48 companies
which belong to Directi and its clients, are in existence and are
duly incorporated and validly existing under law.

2. Other Online reports further claim that these 48 registrars are
involved in illicit activities. This allegation is made without
providing ANY evidence to corroborate the same. This statement is
grossly inaccurate. The reporters did not bother to support such
claims with any factual evidence, nor contacted us for clarification.
All 48 companies combined have under a few thousand customers who
have registered legitimate domains with these registrars and have not
received any abuse complaints. Yet these companies have been dragged
in, without evidence, into an issue that is unrelated to them.

3. Garth of Knujon further claims that the Directi Group owns a company
by the name of ESTDomains. This is another blatantly false
insinuation. Directi has never owned ESTDomains. Garth has no
documentation that shows Directi owning ESTDomains. We have
challenged Knujon to produce any evidence with respect to this. In
fact the only relationship between Directi and ESTDomains is that
ESTDomains has purchased certain software from Logicboxes a few years
ago to power their Registrar operations. They are otherwise an
independent company and we do not control their actions or their
behavior.

4. Another claim in the reports is that Directi sponsors illegal
pharmacy related domain names and that If and when the site content
is closed by the ISP host, Directi/PublicDomainsRegistry (sic) just
helps them set up at a new IP This accusation is once again baseless
- we certainly do not condone any abusive behavior, much less
facilitate it. Despite the fact that policing the Internet does not
fall under the purview of a domain name Registrars’ responsibility,
we work hard to clamp down abuse, from a moral standpoint. Infact the
report again contains no evidence of a single domain name where WE
have explicitly assisted a miscreant in migrating from one IP address
to another. Quite the contrary, despite not having any legal
obligation to do so as a Registar, we still takedown over 95% of the
domains for which we receive abuse complaints within 24 hours of
receiving these complaints. We invest significant resources towards
ensuring that all abuse complaints are thoroughly investigated and
swiftly acted upon.

5. The reports state that the privacy protection service that we provide
intentionally harbors abusive domain names and should not be offered
for domain names. PrivacyProtect.org was created to safeguard genuine
domain owners from the very threats that KnujOn perceives it to
protect. Millions of genuine domain registrants and customers of
Directi are using the privacy protection services we offer and are
very happy that we provide the same since it protects their email
addresses from being harvested and protects their identity from
spammers and miscreants. We also maintain a strict zero-tolerance
policy w.r.t. abuse of our privacy protection services, and any
domain name proven to indulge in illegal activities has its
protection immediately revoked. We challenge Knujon to find an
example wherein a complaint was made to our privacy protection
service and was not actioned upon.

6. The report claims “EstDomains is a Registrar that also makes heavy
use of the PrivacyProtect.org service for masking the ownership of
fake pharmacy domains.” Long before this report was ever published,
we had already discontinued our privacy protection services to
ESTDomains as per our zero tolerance policy. Knujon again choose not
to verify their facts before publishing such assertions.

7. Further updates from Garth and other sites state that we are in the
process of severing our relationship with ESTDomains making it sound
as if we were harboring ESTDomains all this while and are now
canceling their services This assertion is incorrect. The only
relationship Directi has had with ESTDomains is that of a software
vendor. We have discontinued providing privacy protection services to
them a few months ago. However ESTDomains continues to use software
that they purchased from Directi since several years. We do not
control their actions in this respect. None of our steps in terms of
abuse prevention are knee jerk reactions to these reports because
these reports do not carry any factual data. We are not responsible
for domains registered through ESTDomains in any manner and cannot
suspend them or prevent abuse on them.

The second false and inaccurate report in question is one published by
Jart Armin and James Mcquad at Hostexploit. Here are our responses to
the claims in that report -

1. This report deals with the purported abusive and illegal activities
of a company called Atrivo, goes on to associate the Directi group
with Atrivo. Most of the accusations in this report are based on the
notion that the Directi Group has some association with Atrivo. In
fact, the report states one of “the most important of these (cyber
crime) Atrivo associations” as “PrivacyProtect (anonymous
registrant), LogicBoxes (hosting servers)”.This statement is
completely incorrect. Neither is Atrivo associated with LogicBoxes,
nor is it being hosted by LogicBoxes, nor have they registered their
domain name through LogicBoxes. In fact there is no link between
Atrivo and LogicBoxes, except the fact that Atrivo is a customer of
ESTDomains and ESTDomains is a customer of LogicBoxes. The Directi
Group does not have, and has NEVER had, any association with either
Atrivo or their business practices. Directi and Logicboxes are
neither a vendor nor a customer nor a business associate of Atrivo.
Directi received no courtesy information request from the authors of
this report to verify this claim. The report shows no evidence of any
such association.

2. This report, in its investigations of our privacy protection service,
goes on to detail the name server and whois information of
privacyprotect.com (which is not affiliated with us) instead of
privacyprotect.org, which perhaps epitomizes the quality of research
on which the report is based. From a simple whois query, and a quick
visit to these websites, it is amply clear that these two entities
are in no way connected with each other.

3. Like the previous report, this report also claims that ESTDomains
provides use of Directi’s privacy protection services - which, as
clarified above, is absolutely false and inaccurate at the time the
report was published.

If you are a news agency or a blog or a news site that has quoted any of
the above mentioned reports with false allegations about Directi and
LogicBoxes, we request you to post this update in its entirety in a
visible manner with a link from the existing article’s headline with a
byline that can state “Update: Directi disclaims all allegations in the
knujon / hostexploit reports as baseless and factually incorrect“, since
you are currently carrying false and defamatory statements without
verification or evidence on the same and have caused considerable
reputation loss to our organization. Several of you who have already
updated your respective websites, and confirmed the same to us - we
thank you for your cooperation and urge you to ensure that in the future
when referencing reports of this nature, you at least extend the
subject, a basic courtesy of confirming the facts. The reputation damage
that has been caused as a result of this incident is considerable.

Today, Directi continues to be one of the most proactive Registrars in
combating abuse and implementing strict AUPs. We have a significant
investment in terms of manpower and processes to achieve just this. We
do so, not because we’re contractually obligated, or to protect our own
business interests, but because we sincerely believe in the ideology of
making the internet a safer and more secure medium for conducting
business.

However it is reports and claims like these that are disappointing to
any white hat, genuinely conscientious Registrar, wherein despite our
continuous efforts, organizations such as Knujon and HostExploit,
without attempting to verify facts, publish libelous and false
allegations. Even a basic common courtesy of contacting us was not
extended prior to publishing these reports.

While Directi will take all steps necessary to protect its interests, we
hope that this type of an incident is not repeated in the future and
that online press and media take some basic steps to verify their
stories before maligning someone falsely on the Internet at large.

--
View this message in context:
http://www.nabble.com/ICANN-cast-as-online-scam-enabler-tp19283495p19313470.html
Sent from the Info Security News (ISN) mailing list archive at Nabble.com.

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Obama alma mater gets an education in 'net security

2008-09-05T02:42:15Z

http://www.networkworld.com/news/2008/090308-punahou-sudents-laptop.html

By Ellen Messmer
Network World
09/03/2008

Punahou School in Honolulu has moved into the networking vanguard since
presidential candidate Barack Obama graduated from the K-12 school in
1979.

The private school's 45 buildings are now connected via a fiber backbone
and point-to-point laser system for short-range wireless communications,
with Cisco switches and a voice-over-IP system for 500 phones, all
installed in just the last two years. The 76-acre campus also is Wi-Fi
enabled.

Except for the very youngest of Punahou's 3,700 students, most attending
the school have a laptop assigned to them at the start of the school
year, and are given strict instructions that it's intended for academic
purposes, not fun and games.

"We have an acceptable-use policy and students have to sign it, and
sometimes parents do, too," says David Parrish, chief architect of the
IT network at Punahou. (Yes, if Barack Obama were in high school there
now, he'd have to sign it, too, to use the school computer and network.)

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Microsoft tackles remote code execution with updates

2008-09-05T02:42:00Z

http://www.techworld.com/security/news/index.cfm?newsID=103984

By Grant Gross
IDG news service
05 September 2008

Microsoft is to release four critical updates next Tuesday.

The patches to be released on so-called Patch Tuesday include fixes for
a vulnerability that allows remote code execution in Windows Media
Player 11 on various Microsoft operating systems and for a vulnerability
that allows remote code execution in various versions of the Windows OS
and related products, including 2003 Server, Vista, XP, Office, .Net
Framework, Works, Visual Studio, Visual FoxPro and other software.

The two other patches will address remote code execution in Windows
Media Encoder 9 and in Office and Office OneNote 2007.

More information is available at Microsoft's site [1].

[1] http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Lessons Learned: This Time, New Orleans VARs Were Ready

2008-09-05T02:41:44Z

http://www.crn.com/it-channel/210500009

By Scott Campbell
ChannelWeb
Sept. 04, 2008

The power is still out, cell phones calls still fail and businesses will
remain closed today. But New Orleans is breathing a lot easier.

The city took a big hit over the Labor Day weekend from Hurricane
Gustav, but it was spared the devastation wrought three years earlier by
Katrina. And this time, local solution providers were ready.

Overall, the evacuation of New Orleans was a more efficient operation
compared to Katrina. Emergency officials improved their response plan
following the chaos that ensued during Hurricane Katrina and the same
can be said for solution providers too. This time, they were better able
to help customers backup systems and prepare their businesses for the
possibility of an emergency.

Solution providers along the Gulf Coast developed new strategies after
Katrina, and Gustav was the first big test to see if the changes would
prove successful. Several VARs said all their hard work paid off.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Secunia Weekly Summary - Issue: 2008-36

2008-09-05T02:41:28Z

========================================================================

The Secunia Weekly Advisory Summary
2008-08-28 - 2008-09-04

This week: 61 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

VMware has acknowledged some vulnerabilities in VMware Workstation,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31707/

--

Secunia Research has discovered a vulnerability in Novell iPrint
Client, which can be exploited by malicious people to compromise a
user's system.

For more information, refer to:
http://secunia.com/advisories/31370/

--

VIRUS ALERTS:

During the past week Secunia collected 232 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. [SA31549] Opera Multiple Vulnerabilities
2. [SA31684] Novell eDirectory Multiple Vulnerabilities
3. [SA31708] VMware Server Multiple Vulnerabilities
4. [SA31707] VMware Workstation Multiple Vulnerabilities
5. [SA31667] Sun Solaris Kernel Covert Channel Security Bypass
6. [SA31587] HP TCP/IP Services for OpenVMS Finger Format String
Vulnerability
7. [SA31640] OpenOffice "rtl_allocateMemory()" Truncation
Vulnerability
8. [SA31681] dotProject SQL Injection and Cross-Site Scripting
9. [SA14652] Subdreamer Light Global Variables SQL Injection
Vulnerability
10. [SA31651] HP-UX update for Apache

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31710] VMware ACE Multiple Vulnerabilities
[SA31666] Acoustica MP3 CD Burner ASX Playlist Buffer Overflow
[SA31660] Acoustica Beatcraft Project File Buffer Overflow
Vulnerability
[SA31727] @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
[SA31715] Softalk Mail Server IMAP Denial of Service Vulnerability
[SA31693] PageR Enterprise Directory Traversal Vulnerability

UNIX/Linux:
[SA31736] SUSE update for IBMJava5-JRE and java-1_5_0-ibm
[SA31711] VMware Fusion Multiple Vulnerabilities
[SA31687] SUSE Update for Multiple Packages
[SA31671] Najdi.si Toolbar Buffer Overflow Vulnerability
[SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service
Vulnerability
[SA31742] Astaro Security Gateway DNS Cache Poisoning
[SA31738] Slackware update for php
[SA31728] Ubuntu update for libxml2
[SA31725] ClamAV CHM Processing Denial of Service
[SA31722] eliteCMS "page" SQL Injection Vulnerability
[SA31712] VMware ESX Server Multiple Vulnerabilities
[SA31702] HP-UX update for Netscape / Red Hat Directory Server
[SA31699] PHP Coupon Script "id" SQL Injection Vulnerability
[SA31698] Ubuntu update for tiff
[SA31697] rPath update for ruby
[SA31676] Newsbeuter URL Processing Shell Command Execution
[SA31670] Red Hat update for libtiff
[SA31668] Red Hat update for libtiff
[SA31720] @Mail Multiple Cross-Site Scripting Vulnerabilities
[SA31713] VMware ESX / ESXi Server Multiple Vulnerabilities
[SA31691] Debian update for slash
[SA31743] FreeBSD AMD64 General Protection Fault Privilege Escalation
[SA31685] Avaya Products Linux Kernel Multiple Vulnerabilities
[SA31663] Slackware update for amarok
[SA31739] IBM AIX "swcons" Command Privilege Escalation Vulnerability
[SA31716] Postfix epoll File Descriptor Leak Security Issue
[SA31694] GpsDrive "geo-code" Insecure Temporary Files
[SA31689] Avaya Products Linux Kernel Local Denial of Service
[SA31667] Sun Solaris Kernel Covert Channel Security Bypass

Other:
[SA31730] Cisco ASA and PIX Security Appliances Multiple
Vulnerabilities
[SA31673] IBM WebSphere Application Server for z/OS HTTP Server
mod_proxy_ftp Vulnerability
[SA31680] Kyocera FS-118MFP Command Center Directory Traversal
Vulnerability
[SA31665] Belkin Wireless G Router Web Interface Authentication Bypass

Cross Platform:
[SA31709] VMware Player Multiple Vulnerabilities
[SA31708] VMware Server Multiple Vulnerabilities
[SA31707] VMware Workstation Multiple Vulnerabilities
[SA31723] Ruby on Rails REXML Denial of Service Vulnerability
[SA31703] Reciprocal Links Manager "site" SQL Injection Vulnerability
[SA31696] Living Local Website "r" SQL Injection Vulnerability
[SA31683] Invision Power Board Multiple Vulnerabilities
[SA31682] EasyClassifields "go" SQL Injection Vulnerability
[SA31678] Novell IDM Cross-Site Scripting and Script Insertion
[SA31674] Wireshark Denial of Service Vulnerabilities
[SA31669] CMSbright "id_rub_page" SQL Injection Vulnerability
[SA31664] Spice Classifieds "cat_path" SQL Injection Vulnerability
[SA31684] Novell eDirectory Multiple Vulnerabilities
[SA31735] Celerondude Uploader "username" Cross-Site Scripting
Vulnerability
[SA31729] Django Authentication Cross-Site Request Forgery
[SA31719] Open Media Collectors Database Cross-Site Scripting and
Request Forgery
[SA31681] dotProject SQL Injection and Cross-Site Scripting
[SA31679] vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
[SA31662] Blogn Cross-Site Scripting and Cross-Site Request Forgery
[SA31661] Brim SQL Injection and Script Insertion Vulnerabilities
[SA31731] Cisco Secure ACS EAP Packet Denial of Service
[SA31688] HP OpenView Network Node Manager Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA31710] VMware ACE Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2008-09-01

VMware has acknowledged some vulnerabilities in VMware ACE, which can
be exploited by malicious, local users to gain escalated privileges and
by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31710/

--

[SA31666] Acoustica MP3 CD Burner ASX Playlist Buffer Overflow

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-09-01

n00b has discovered a vulnerability in Acoustica MP3 CD Burner, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31666/

--

[SA31660] Acoustica Beatcraft Project File Buffer Overflow
Vulnerability

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-09-01

Koshi has discovered a vulnerability in Acoustica Beatcraft, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31660/

--

[SA31727] @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-03

C1c4Tr1Z has discovered some vulnerabilities in @Mail WebMail, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31727/

--

[SA31715] Softalk Mail Server IMAP Denial of Service Vulnerability

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-09-03

Joo Antunes has discovered a vulnerability in Softalk Mail Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31715/

--

[SA31693] PageR Enterprise Directory Traversal Vulnerability

Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-09-04

A vulnerability has been reported in PageR Enterprise, which can be
exploited by malicious users to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/31693/

UNIX/Linux:--

[SA31736] SUSE update for IBMJava5-JRE and java-1_5_0-ibm

Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released: 2008-09-04

SUSE has issued an update for IBMJava5-JRE and java-1_5_0-ibm. This
fixes some vulnerabilities, which can be exploited by malicious people
to bypass certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31736/

--

[SA31711] VMware Fusion Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-09-01

VMware has acknowledged some vulnerabilities in VMware Fusion, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31711/

--

[SA31687] SUSE Update for Multiple Packages

Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, Privilege
escalation, DoS, System access
Released: 2008-09-01

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, gain escalated privileges,
and bypass certain security restrictions, by malicious users to conduct
script insertion attacks and cause a DoS (Denial of Service), and by
malicious people to disclose potentially sensitive information, conduct
cross-site scripting attacks, cause a DoS, poison the DNS cache, and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31687/

--

[SA31671] Najdi.si Toolbar Buffer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-09-04

shinnai has discovered a vulnerability in Najdi.si Toolbar, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31671/

--

[SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service
Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-09-04

FreeBSD has acknowledged a vulnerability, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31745/

--

[SA31742] Astaro Security Gateway DNS Cache Poisoning

Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-09-04

Astaro has acknowledged a vulnerability in Astaro Security Gateway,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31742/

--

[SA31738] Slackware update for php

Critical: Moderately critical
Where: From remote
Impact: Unknown, Exposure of sensitive information, DoS, System
access
Released: 2008-09-04

Slackware has issued an update for php. This fixes some
vulnerabilities, where some have an unknown impact and others can
potentially be exploited by malicious people to disclose sensitive
information, cause a DoS (Denial of Service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31738/

--

[SA31728] Ubuntu update for libxml2

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-09-04

Ubuntu has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31728/

--

[SA31725] ClamAV CHM Processing Denial of Service

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-09-03

A vulnerability has been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31725/

--

[SA31722] eliteCMS "page" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-09-03

e.wiZz! has discovered a vulnerability in eliteCMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31722/

--

[SA31712] VMware ESX Server Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-09-01

VMware has acknowledged some vulnerabilities in VMware ESX Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31712/

--

[SA31702] HP-UX update for Netscape / Red Hat Directory Server

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2008-09-02

HP has issued an update for Netscape / Red Hat Directory Server. This
fixes some vulnerabilities, which can be exploited by malicious people
to conduct cross-site scripting attacks, cause a DoS (Denial of
Service), and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31702/

--

[SA31699] PHP Coupon Script "id" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-03

Hussin X has reported a vulnerability in PHP Coupon Script, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31699/

--

[SA31698] Ubuntu update for tiff

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-09-03

Ubuntu has issued an update for tiff. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31698/

--

[SA31697] rPath update for ruby

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing, DoS
Released: 2008-09-01

rPath has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/31697/

--

[SA31676] Newsbeuter URL Processing Shell Command Execution

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-09-02

A vulnerability has been reported in Newsbeuter, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31676/

--

[SA31670] Red Hat update for libtiff

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-29

Red Hat has issued an update for libtiff. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31670/

--

[SA31668] Red Hat update for libtiff

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-29

Red Hat has issued an update for libtiff. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31668/

--

[SA31720] @Mail Multiple Cross-Site Scripting Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-03

C1c4Tr1Z has discovered some vulnerabilities in @Mail, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31720/

--

[SA31713] VMware ESX / ESXi Server Multiple Vulnerabilities

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-09-01

VMware has acknowledged a weakness and a vulnerability in VMware ESX
Server, which can be exploited by malicious users to disclose
potentially sensitive information and by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31713/

--

[SA31691] Debian update for slash

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-09-02

Debian has issued an update for slash. This fixes some vulnerabilities,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31691/

--

[SA31743] FreeBSD AMD64 General Protection Fault Privilege Escalation

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-09-04

FreeBSD has acknowledged a vulnerability, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31743/

--

[SA31685] Avaya Products Linux Kernel Multiple Vulnerabilities

Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-09-01

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31685/

--

[SA31663] Slackware update for amarok

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-08-29

Slackware has issued an update for amarok. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31663/

--

[SA31739] IBM AIX "swcons" Command Privilege Escalation Vulnerability

Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-09-04

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31739/

--

[SA31716] Postfix epoll File Descriptor Leak Security Issue

Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-09-03

A security issue has been reported in Postfix, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31716/

--

[SA31694] GpsDrive "geo-code" Insecure Temporary Files

Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-08-29

A security issue has been reported in GpsDrive, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31694/

--

[SA31689] Avaya Products Linux Kernel Local Denial of Service

Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-09-01

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31689/

--

[SA31667] Sun Solaris Kernel Covert Channel Security Bypass

Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2008-08-29

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31667/

Other:--

[SA31730] Cisco ASA and PIX Security Appliances Multiple
Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2008-09-04

Some vulnerabilities have been reported in Cisco ASA and PIX
appliances, which can be exploited by malicious people to disclose
sensitive information, and by malicious users and malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31730/

--

[SA31673] IBM WebSphere Application Server for z/OS HTTP Server
mod_proxy_ftp Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-29

IBM has acknowledged a vulnerability in IBM WebSphere Application
Server for z/OS, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31673/

--

[SA31680] Kyocera FS-118MFP Command Center Directory Traversal
Vulnerability

Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-09-02

Francesco Tornieri has reported a vulnerability in Kyocera FS-118MFP,
which can be exploited by malicious people to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/31680/

--

[SA31665] Belkin Wireless G Router Web Interface Authentication Bypass

Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2008-09-03

noensr has reported a vulnerability in Belkin Wireless G F5D7632-4V6,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31665/

Cross Platform:--

[SA31709] VMware Player Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-09-01

VMware has acknowledged some vulnerabilities in VMware Player, which
can be exploited by malicious, local users to gain escalated privileges
and by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31709/

--

[SA31708] VMware Server Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2008-09-01

VMware has acknowledged some vulnerabilities in VMware Server, which
can be exploited by malicious, local users to gain escalated privileges
and by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31708/

--

[SA31707] VMware Workstation Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2008-09-01

VMware has acknowledged some vulnerabilities in VMware Workstation,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31707/

--

[SA31723] Ruby on Rails REXML Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-09-03

A vulnerability has been reported in Ruby on Rails, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31723/

--

[SA31703] Reciprocal Links Manager "site" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-02

Hussin X has discovered a vulnerability in Reciprocal Links Manager,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31703/

--

[SA31696] Living Local Website "r" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-04

Hussin X has reported a vulnerability in Living Local Website, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31696/

--

[SA31683] Invision Power Board Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Hijacking, Manipulation of data, Exposure of sensitive
information, System access
Released: 2008-09-03

DarkFig has reported some vulnerabilities in Invision Power Board
(IP.Board), which can be exploited by malicious users to disclose
sensitive information and compromise a vulnerable system, and by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31683/

--

[SA31682] EasyClassifields "go" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-01

e.wiZz! has discovered a vulnerability in EasyClassifields, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31682/

--

[SA31678] Novell IDM Cross-Site Scripting and Script Insertion

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-01

Some vulnerabilities have been reported in Novell User Application and
Novell Identity Manager Roles Based Provisioning Module, which can be
exploited by malicious people to conduct script insertion and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31678/

--

[SA31674] Wireshark Denial of Service Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-09-04

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31674/

--

[SA31669] CMSbright "id_rub_page" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-04

BorN To K!LL has reported a vulnerability in CMSbright, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31669/

--

[SA31664] Spice Classifieds "cat_path" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-03

Cyb3r-1sT has reported a vulnerability in Spice Classifieds, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31664/

--

[SA31684] Novell eDirectory Multiple Vulnerabilities

Critical: Moderately critical
Where: From local network
Impact: Unknown, Cross Site Scripting, DoS, System access
Released: 2008-08-29

Multiple vulnerabilities have been reported in Novell eDirectory, where
some have an unknown impact and others can be exploited by malicious
people to conduct cross-site scripting attacks or to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31684/

--

[SA31735] Celerondude Uploader "username" Cross-Site Scripting
Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-04

A vulnerability has been discovered in Celerondude Uploader, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31735/

--

[SA31729] Django Authentication Cross-Site Request Forgery

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-09-04

A vulnerability has been reported in Django, which can be exploited by
malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31729/

--

[SA31719] Open Media Collectors Database Cross-Site Scripting and
Request Forgery

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-03

Some vulnerabilities have been discovered in Open Media Collectors
Database (OpenDb), which can be exploited by malicious people to
conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31719/

--

[SA31681] dotProject SQL Injection and Cross-Site Scripting

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released: 2008-08-29

C1c4Tr1Z has discovered some vulnerabilities in dotProject, which can
be exploited by malicious users to conduct SQL injection attacks, and
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31681/

--

[SA31679] vtiger CRM Multiple Cross-Site Scripting Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-02

Fabian Fingerle has discovered some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31679/

--

[SA31662] Blogn Cross-Site Scripting and Cross-Site Request Forgery

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-29

Two vulnerabilities have been reported in Blogn, which can be exploited
by malicious people to conduct cross-site scripting and cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31662/

--

[SA31661] Brim SQL Injection and Script Insertion Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released: 2008-09-01

Fisher762 has discovered two vulnerabilities in Brim, which can be
exploited by malicious users to conduct script insertion and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31661/

--

[SA31731] Cisco Secure ACS EAP Packet Denial of Service

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-09-04

A vulnerability has been reported in Cisco Secure Access Control Server
(ACS), which can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/31731/

--

[SA31688] HP OpenView Network Node Manager Denial of Service

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-09-03

Some vulnerabilities have been reported in HP OpenView Network Node
Manager, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31688/

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support@...
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Detroit's Mayor Will Leave Office and Go to Jail

2008-09-05T02:41:13Z

http://www.nytimes.com/2008/09/05/us/05detroit.html

[Backround: http://www.infosecnews.org/hypermail/0801/14318.html - WK]

By SUSAN SAULNY and NICK BUNKLEY
The New York Times
September 4, 2008

DETROIT - Mayor Kwame M. Kilpatrick pleaded guilty to felony charges
here on Thursday and agreed to resign from office and serve 120 days in
jail, ending eight months of political turmoil but also opening a new
era of uncertainty for the city.

After the agreement, Gov. Jennifer M. Granholm of Michigan suspended her
hearing on whether to remove Mr. Kilpatrick for misconduct, relieving
her of being in the awkward position of possibly ousting the mayor, a
fellow Democrat, from office.

"It is my profound hope that we can now write a new history for this
great but embattled city and that the citizens of Detroit begin the
healing process to move forward," she said. But even as the fate of Mr.
Kilpatrick became clear on Thursday, a new layer of potential pitfalls
came into view.

The City Council that will now try to bring stability to the nation's
11th largest city is known for its volatility. Its two top leaders,
Kenneth V. Cockrel Jr., the council president who will now be interim
mayor, and Monica Conyers, who will become president of the Council,
were recently involved in a public shouting match that has become a
running joke.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Re: ICANN cast as online scam enabler

2008-09-04T08:44:02Z

Directi's official response to inaccurate reports which falsely implicate the Directi Group

From Bhavin Turakhia’s Desk:

There have been some articles and reports recently published by Garth Bruen at Knujon and by Jart Armin and James Mcquad at Hostexploit, that somehow link Directi with groups that support organized internet crime. The motives behind these reports are still unknown, but as an organization that prides itself in setting industry benchmarks in ethics and best practices, we are extremely shocked by these allegations. While I applaud the efforts of volunteers such as Knujon and Hostexploit who spend their personal time to try and combat spam, I am personally quite saddened when the very individuals who we trust to combat fraud engage in publicity moves without consideration for the reputation of legitimate businesses.

Neither Knujon nor Hostexploit extended a basic courtesy of even contacting us to verify any of the facts in their report before publishing the same. Directi is not even remotely related to the organizations or activities listed in those reports. The arguments presented in these reports are either downright baseless, or based on complete fabrication of facts.

Various other news agencies and blogs have further referenced these reports in the form of a story or post, once again without any attempt to verify or validate the facts in these reports. Given the amount of noise this has created - it is imperative that we clarify our stand and rectify the factual inaccuracies in those reports.

The first false and inaccurate report in question is one published by Garth Bruen of Knujon. Find below each of the factual inaccuracy or misstatement in his report and our response to the same -

1. The report claims that “48 ICANN-accredited Registrars (affiliated with Directi) … do not seem to exist and are phantom.”
This statement is factually incorrect, and was completely unverified by Knujon. Knujon did not even bother to contact ICANN in this regards to get the right facts. The truth of the matter is that all 48 companies which belong to Directi and its clients, are in existence and are duly incorporated and validly existing under law.

2. Other Online reports further claim that these 48 registrars are involved in illicit activities.
This allegation is made without providing ANY evidence to corroborate the same. This statement is grossly inaccurate. The reporters did not bother to support such claims with any factual evidence, nor contacted us for clarification. All 48 companies combined have under a few thousand customers who have registered legitimate domains with these registrars and have not received any abuse complaints. Yet these companies have been dragged in, without evidence, into an issue that is unrelated to them.

3. Garth of Knujon further claims that the Directi Group owns a company by the name of ESTDomains.
This is another blatantly false insinuation. Directi has never owned ESTDomains. Garth has no documentation that shows Directi owning ESTDomains. We have challenged Knujon to produce any evidence with respect to this. In fact the only relationship between Directi and ESTDomains is that ESTDomains has purchased certain software from Logicboxes a few years ago to power their Registrar operations. They are otherwise an independent company and we do not control their actions or their behavior.

4. Another claim in the reports is that Directi sponsors illegal pharmacy related domain names and that If and when the site content is closed by the ISP host, Directi/PublicDomainsRegistry (sic) just helps them set up at a new IP
This accusation is once again baseless - we certainly do not condone any abusive behavior, much less facilitate it. Despite the fact that policing the Internet does not fall under the purview of a domain name Registrars’ responsibility, we work hard to clamp down abuse, from a moral standpoint. Infact the report again contains no evidence of a single domain name where WE have explicitly assisted a miscreant in migrating from one IP address to another. Quite the contrary, despite not having any legal obligation to do so as a Registar, we still takedown over 95% of the domains for which we receive abuse complaints within 24 hours of receiving these complaints. We invest significant resources towards ensuring that all abuse complaints are thoroughly investigated and swiftly acted upon.

5. The reports state that the privacy protection service that we provide intentionally harbors abusive domain names and should not be offered for domain names.
PrivacyProtect.org was created to safeguard genuine domain owners from the very threats that KnujOn perceives it to protect. Millions of genuine domain registrants and customers of Directi are using the privacy protection services we offer and are very happy that we provide the same since it protects their email addresses from being harvested and protects their identity from spammers and miscreants. We also maintain a strict zero-tolerance policy w.r.t. abuse of our privacy protection services, and any domain name proven to indulge in illegal activities has its protection immediately revoked. We challenge Knujon to find an example wherein a complaint was made to our privacy protection service and was not actioned upon.

6. The report claims “EstDomains is a Registrar that also makes heavy use of the PrivacyProtect.org service for masking the ownership of fake pharmacy domains.”
Long before this report was ever published, we had already discontinued our privacy protection services to ESTDomains as per our zero tolerance policy. Knujon again choose not to verify their facts before publishing such assertions.

7. Further updates from Garth and other sites state that we are in the process of severing our relationship with ESTDomains making it sound as if we were harboring ESTDomains all this while and are now canceling their services
This assertion is incorrect. The only relationship Directi has had with ESTDomains is that of a software vendor. We have discontinued providing privacy protection services to them a few months ago. However ESTDomains continues to use software that they purchased from Directi since several years. We do not control their actions in this respect. None of our steps in terms of abuse prevention are knee jerk reactions to these reports because these reports do not carry any factual data. We are not responsible for domains registered through ESTDomains in any manner and cannot suspend them or prevent abuse on them.

The second false and inaccurate report in question is one published by Jart Armin and James Mcquad at Hostexploit. Here are our responses to the claims in that report -

1. This report deals with the purported abusive and illegal activities of a company called Atrivo, goes on to associate the Directi group with Atrivo. Most of the accusations in this report are based on the notion that the Directi Group has some association with Atrivo. In fact, the report states one of “the most important of these (cyber crime) Atrivo associations” as “PrivacyProtect (anonymous registrant), LogicBoxes (hosting servers)”.This statement is completely incorrect. Neither is Atrivo associated with LogicBoxes, nor is it being hosted by LogicBoxes, nor have they registered their domain name through LogicBoxes. In fact there is no link between Atrivo and LogicBoxes, except the fact that Atrivo is a customer of ESTDomains and ESTDomains is a customer of LogicBoxes. The Directi Group does not have, and has NEVER had, any association with either Atrivo or their business practices. Directi and Logicboxes are neither a vendor nor a customer nor a business associate of Atrivo. Directi received no courtesy information request from the authors of this report to verify this claim. The report shows no evidence of any such association.

2. This report, in its investigations of our privacy protection service, goes on to detail the name server and whois information of privacyprotect.com (which is not affiliated with us) instead of privacyprotect.org, which perhaps epitomizes the quality of research on which the report is based. From a simple whois query, and a quick visit to these websites, it is amply clear that these two entities are in no way connected with each other.

3. Like the previous report, this report also claims that ESTDomains provides use of Directi’s privacy protection services - which, as clarified above, is absolutely false and inaccurate at the time the report was published.

If you are a news agency or a blog or a news site that has quoted any of the above mentioned reports with false allegations about Directi and LogicBoxes, we request you to post this update in its entirety in a visible manner with a link from the existing article’s headline with a byline that can state “Update: Directi disclaims all allegations in the knujon / hostexploit reports as baseless and factually incorrect“, since you are currently carrying false and defamatory statements without verification or evidence on the same and have caused considerable reputation loss to our organization. Several of you who have already updated your respective websites, and confirmed the same to us - we thank you for your cooperation and urge you to ensure that in the future when referencing reports of this nature, you at least extend the subject, a basic courtesy of confirming the facts. The reputation damage that has been caused as a result of this incident is considerable.

Today, Directi continues to be one of the most proactive Registrars in combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so, not because we’re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business.

However it is reports and claims like these that are disappointing to any white hat, genuinely conscientious Registrar, wherein despite our continuous efforts, organizations such as Knujon and HostExploit, without attempting to verify facts, publish libelous and false allegations. Even a basic common courtesy of contacting us was not extended prior to publishing these reports.

While Directi will take all steps necessary to protect its interests, we hope that this type of an incident is not repeated in the future and that online press and media take some basic steps to verify their stories before maligning someone falsely on the Internet at large.

'MythBusters' co-host backpedals on RFID kerfuffle

2008-09-04T00:18:58Z

http://news.cnet.com/8301-13772_3-10031601-52.html

By Daniel Terdiman
Gaming and Culture
CNET News
September 3, 2008

MythBusters co-host Adam Savage is stepping back from public comments
suggesting that legal counsel from several credit card companies led the
Discovery Channel to pull the plug on an episode dedicated to security
holes in RFID.

At the Last HOPE conference in New York in July, Savage told a crowd of
several thousand people that his theory on why MythBusters had not gone
forward with a planned episode on RFID (radio frequency identification)
hackability was that on a conference call to discuss the matter with
technicians from Texas Instruments, the lawyers for the credit cards
companies had put the hammer down on the show.

"Texas Instruments comes on along with chief legal counsel for American
Express, Visa, Discover, and everybody else (co-host Tory Belleci and a
MythBusters producer) were way, way out-gunned," Savage told the crowd,
"and (the lawyers) absolutely made it really clear to Discovery that
they were not going to air this episode talking about how hackable this
stuff was, and Discovery backed way down, being a large corporation that
depends upon the revenue of the advertisers. Now it's on Discovery's
radar and they won't let us go near it."

But Texas Instruments spokeswoman Cindy Huff told CNET News on Tuesday
that things had gone a bit different than Savage had said.

"In June 2007, MythBusters was interested in pursuing some great
myth-busting ideas for RFID. While in pursuit, they contacted Texas
Instruments' RFID Systems, who is a pioneer of RFID and contactless
technology, for technical help and understanding of RFID in the
contactless payments space," Huff said. "Some of the information that
was needed to pursue the program required further support from the
contactless payment companies as they construct their own proprietary
systems for security to protect their customers. To move the process
along, Texas Instruments coordinated a conversation with Smart Card
Alliance (SCA) who invited MasterCard and Visa, on contactless payments
to help MythBusters get the right information. Of the handful of people
on the call, there were mostly product managers and only one contactless
payment company's legal counsel member. Technical questions were asked
and answered and we were to wait for MythBusters to let us know when
they were planning on showing the segment. A few weeks later, Texas
Instruments was told by MythBusters that the storyline had changed and
they were pursuing a different angle which did not require our help."

And now, even Savage is saying that he got his facts wrong.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Zombie network explosion

2008-09-04T00:18:44Z

http://www.theregister.co.uk/2008/09/02/zombie_surge/

By John Leyden
The Register
2nd September 2008

The number of compromised zombie PCs in botnet networks has quadrupled
over the last three months, according to figures from the Shadowserver
Foundation.

Shadowserver tracks botnet activity and the number of command and
control servers. It uses a variety of metrics to slice and dice its
figures based in part on the entropy of botnet infections. The clear
trend within these figures is upwards, with a rise in botnet numbers of
100,000 to 400,000 (if 30 day entropy is factored into equations) or
from 20,000 to 60,000 (for five day entropy).

Entropy of botnets is calculated on the basis that if no activity is
seen from a specific IP for a number of days - either 30, 10 or five -
then it is removed from the botnet count.

Shadowserver figures suggest the number of command and control servers
has actually decreased over the last month, following a spike in
activity back in July.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Google's Chrome Browser Not Yet Secure

2008-09-04T00:18:32Z

http://www.informationweek.com/news/internet/google/showArticle.jhtml?articleID=210300297

By Thomas Claburn
InformationWeek
September 3, 2008

Google (NSDQ: GOOG)'s Chrome browser is only a day old, but security
researchers already have found vulnerabilities that can be exploited.

According to a report published by ZDNet, security researcher Aviv Raff
has found that he can combine a flaw in the open source WebKit engine
with a Java bug to dupe Chrome users into downloading executable files.

Apple, which uses WebKit in its Safari browser, fixed this flaw with its
Safari 3.1.2 browser patch. Chrome uses an older version of WebKit that
has not been repaired.

Another security researcher, Rishi Narang, claimed to have found a way
to crash Chrome with a malicious link.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

'Defense Ministry's Cyber Network Is Hacker-Proof'

2008-09-04T00:18:17Z

http://www.koreatimes.co.kr/www/news/nation/2008/09/116_30464.html

By Michael Ha
Staff Reporter
09-02-2008

A Defense Ministry spokesman assured Tuesday that the department's
cyber-security system is "hacker-proof," adding that its intra-net
computer data network is detached from the external Internet.

The ministry's announcement was designed to address new security
concerns in wake of the arrest of a North Korean defector who was
allegedly working for North Korean intelligence.

Local media have reported that Won Jung-hwa, 34, had allegedly collected
e-mail addresses of a number of South Korean military officials. The
reports said these e-mail addresses may have been used by hackers to
break into the Defense Ministry's computer network. In fact, the Korean
military officials issued a security warning to its personnel last month
when some staff began receiving e-mails with attachments containing
hacking programs.

But Defense Ministry spokesman Won Tae-jae told local reporters during a
press briefing Tuesday that the ministry's intra-net network is not
connected to the external Web, "so that outsiders can't approach the
internal network through the Internet."

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

UK crime fighters grapple with iPhone wipe threat

2008-09-04T00:17:48Z

http://networks.silicon.com/mobile/0,39024665,39282266,00.htm

By Nick Heath
Silicon.com
2 September 2008

Criminals can remotely destroy incriminating evidence by exploiting
security features on the Apple iPhone, a leading digital forensics
expert has warned.

The head of the Serious Fraud Office digital forensics unit Keith Foggon
cautioned that the ability to remotely wipe the iPhone and other smart
phones used by enterprises could be exploited by lawbreakers.

Foggon said: "The 3G iPhone is brand new, there are not many tools for
dealing with it and it can be remotely wiped. It's a bit like the
BlackBerrys where users can carry out remote deletion."

He added the unit took precautions to guard against the feature being
exploited. "Because we isolate the devices immediately, and never
reconnect them to their network, the remote wiping capability does not
present us with much of a problem," he noted.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

'Lack of Cyber laws makes it impossible to fight Net crimes'

2008-09-04T00:17:34Z

http://www.arabtimesonline.com/kuwaitnews/pagesdetails.asp?nid=21784&ccid=9

By Francis A. Clifford Cardozo
Arab Times Staff
September 04, 2008

KUWAIT CITY - Internet-related crimes are on the rise in Kuwait and the
lack of Cyber laws makes it impossible to tackle such fraudulent
practices, says a Kuwaiti lawyer. Speaking to the Arab Times on
Wednesday, Labeed Abdal added that hackers are increasingly targeting
Kuwait and many other countries, knowing full well that they can get
away with their crimes. He went on to explain that some people send
abusive emails to settle personal scores and that the law enforcement
agencies are unable to act on such matters due to non-existence of Cyber
laws, “which must be in tune with the latest changes in the Internet
domain.”

Citing an example, he said, recently a woman approached a police station
to file complaint with regards to a derogatory email but the police
refused to entertain her complaint. “In such a scenario, we cannot blame
the security authorities. There is an exigent need to establish what can
be called as Cyber Police which will enable to monitor online
activities, besides tracking down the source of abusive emails. In other
words, the police will only register a complaint provided a person
admits to his or her crime, thereby referring the case to prosecution.”

Confess

“Supposing a person refuses to confess to his crime, then it becomes
impossible for the authorities to register a complaint for the simple
reason that they do not posses the required know-how and equipment to
track down the source of an email, especially if the sender uses only
his initials or if the mail is anonymous,” he added. Asked to comment on
the decision of some prosecutors to draft a law with regards to Internet
crimes, Abdal said he was unable to comment on the issue as he was yet
to see the contents of the draft, which must be submitted to the
parliament before being reviewed by the legislative committee.

Stressing that many unsolicited emails were originating from Africa,
particularly from Nigeria, Abdal noted that one Kuwaiti lady was
recently duped by some unscrupulous elements after she fell prey to a
fraudulent email.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Vice chief of Cyber Command is reassigned

2008-09-04T00:17:17Z

http://www.airforcetimes.com/news/2008/09/airforce_general_moves_090208w/

By Bruce Rolfsen
Staff writer
Air Force Times
Sept. 3, 2008

The Air Force’s latest reassignment list for general officers reflects
the service’s move away from an independent cyber command.

The provisional command's vice commander, who has been on the job for
one month, is being reassigned to the Pentagon, the Air Force said in an
Aug. 29 statement. No replacement was named.

Maj. Gen. Randal D. Fullhart, who assumed the vice commander post in
August, is moving to the Air Staff to join the Office of the Assistant
Secretary of the Air Force for Acquisition as director of global reach
programs. Fullhart is a career mobility pilot, but he served with the
National Security Agency as the deputy chief for the Central Security
Service for two years before moving to the cyber post.

The service’s plans to establish a cyber command were put on hold in
August as newly appointed Chief of Staff Gen. Norton Schwartz and acting
Secretary of the Air Force Michael Donley began a wide-ranging review of
projects advocated by the leaders they replaced, now-retired Gen. T.
Michael Moseley and former secretary Michael Wynne.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

North Korea spyware targets South's army

2008-09-02T23:06:32Z

http://news.theage.com.au/world/north-korea-spyware-targets-souths-army-20080902-47wp.html

The Age
September 2, 2008

North Korea has tried to hack into the computers of South Korean army
officers, officials said, one week after disclosing an espionage case
involving a woman posing as a defector.

An email sent to "many" officers contained a hacking program designed
automatically to steal stored files if the recipient opens it, a South
Korean defence ministry spokesman said.

A colonel was among those who have received the email virus since June.

The ministry said no classified information had been leaked.

"It is impossible for hackers to break into the computer system of our
military which operates a separate intra network," a spokesman told AFP.

But the North's cyber attack prompted the army to update its
anti-hacking software and officers had been asked not to store sensitive
data on their personal computers, he said.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/