Last Updated: 2007-11-27 21:04:19 UTC
by Joel Esler (Version: 1)
As you can imagine, here at the ISC we get thousands (tens of thousands?) of user submitted questions and suggestions. Let me tell you what, we appreciate it. It's what binds the galaxy together. (TM)
But we had a user submitted question today that I found particularly interesting. Jim wrote in asking us:
"I am looking for some good policies and practices to help my help desk avoid falling victim to social engineering. I looked around on SANS and other sites but find little more than asking a few questions to verify identity. We are also considering a callback as a auditing step. What do you think?"
So what DO you think readers?
Last Updated: 2007-11-27 19:19:47 UTC
by Joel Esler (Version: 2)
Core Security has put out a new advisory concerning a buffer overflow in Lotus Notes. Both remotely and locally exploitable.
Core lists the vulnerable software pieces as:
- Lotus Notes version 7.x
- Lotus Notes version 8.x (not confirmed by Core)
- Lotus Notes version 6.5.6 (not confirmed by Core)
- Other software packages using Verity KeyView SDK using vulnerable
versions of l123sr.dll
Although it's prudent to keep in mind that as of now 8.x and 6.5.6 are NOT confirmed by Core (as in their advisory, and the cut and paste above).
Cut and Paste from Core's Advisory:
Lotus Notes customers should follow the instructions of the following
support Technote, which outlines the available options based on specific
versions of Lotus Notes:
Workaround 1: Delete the keyview.ini file in the Notes program directory.
This disables ALL viewers. When a user clicks View (for any file), a
dialog box will display with the message "Unable to locate the viewer
Workaround 2: Delete the problem file l123sr.dll file. When a user tries
to view the specific file type, a dialog box will display with the message
"The viewer display window could not be initialized." All other file types
work without returning the error message.
Workaround 3: Comment out specific lines in keyview.ini for any references
to the problem file (l123sr.dll). To comment a line, you precede it with a
semi-colon (;). When a user tries to view the specific file type, a dialog
box will display with the message "The viewer display window could not be
initialized". For example:
Workaround 4: Filter inbound emails with attachments with potentially
malicious files. Lotus 1-2-3 files are usually associated to MIME
Content-Type headers set to the following strings:
Note however that workaround #4 is a simply stop gap measure that could be
circumvented by relatively unsophisticated attackers.
Last Updated: 2007-11-27 15:48:34 UTC
by Joel Esler (Version: 1)
There's a new update for Firefox out. 22.214.171.124.