Astiostech – Blog, News and Updates
#TeamOpenSourceMalaysia
There’s a possible bypass for authentication when LDAP is used for Chap/MsChap in Cisco’s VPN. An attacker can access your internal network without providing authentication at all. This is quite serious to those running LDAP on PIXes and ASAes. So far, as i can remember … “Multiple Vulnerabilities with Cisco’s PIX and ASA”
Read MoreOk, lets start making it clear who the initiator (SRC) and receiver (DST) are. SRC is the person/computer who wants to talk to you and makes the first attempt to do so. Receiver is the person who will either respond to the attempt made by … “ISA server’s incoming vs outgoing IP (and SMTP Reverse Lookup)”
Read MoreIn a recent ISA Server 2006 Level 400 class, we discussed a vulnerability on Exchange server that could lead to remote code execution. The particular remote attack is listed in CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0213 and rated high in it’s severity. If you have customers or run Exchange … “URGENT! – Serious security flaws with all Microsoft Exchange versions”
Read MoreWas doing some reading on my frequently accessed security page, SANS and found these two vulnerabilities that should be of mention. These two software i use well, often, like Quicktime (for my ITunes) and Asterisk (for my mobile VoIP support). Quicktime- A vulnerability that allows … “Vulnerabilities on Quicktime and Asterisk”
Read MoreHere’s a piece of software i must blog about, its called Fring. I just got a Nokia N80 recently and of course, i wanted to stuff the phone like what we did to the turkey in Christmas, but with software. The company i work for … “Fring Me (Asterisk and Nokia Symbian special mention)”
Read MoreSome people in the middle eastern parts of the world including Pakistan have been shaken by phone SMS messages warning them about the existence of a phone to human virus. This hoax, just like many we JUNK in Outlook, had forced public figures to release … “Idiocracy Alert – Phone to Human virus”
Read MoreLook out Flash, here’s come another ray of light, called Silverlight. Silverlight is Microsoft’s answer to rich web applications which previously dominated by Macromedia Flash. I tried some of the samples, looks like it can do pretty much what Flash can, like, play games, watch … “Every cloud has a Silverlight”
Read MoreIt comes as no surprise that the exploitation of the MS DNS issue is out and around. According to Symantec, this particular worm executes several vulenrability checks (much like a security scanner) and exploits those that are vulnerable. In short, the process is completely automated … “W32.Rinbot – Exploitation of Windows DNS and other vulnerabilities”
Read MoreMy previous post talks about the DNS vulnerability and now the exploit codes are available and are being used already to VERY EASILY EXPLOIT DNS servers especially within an organization (typically). No one in their right mind would publish RPC over the internet, right.., right..!!?? … “WARNING – DNS Zero day exploit code is public”
Read MoreA new buffer overflow vulnerability with the RPC protocol for managing the DNS service in Windows 2000 (all SPs) and Windows 2003 (all SPs) has been discovered by hackers. Upon successful execution of this exploit, the attacker can run code with the security equivalent of … “Windows 2000/2003 DNS Server Service Zero Day Exploit”
Read More