Immunity Advisory: Compaq Web Management Vulnerability
Immunity, Inc. released an advisory regarding a vulnerability in Compaq Web Management (HP HTTP).
"Compaq Web Management includes a number of daemons, which listen on a number of TCP ports, and also to SNMP requests. On port 2381, an SSL HTTP server runs. If the system is configured to let anonymous users browse it, a common configuration, then a bug in the validation system allows users to upload their own certificates to be trusted by the client system. This would allow that machine to be administered remotely via such mechanisms as Secure Task Execution. This is considered a critical problem, as Compaq Web Management is often installed on every machine in an enterprise."
Complete advisory is available at:
Banking Group Comments on "Phishing" Losses
"Phishing" schemes have been increasing in frequency over the past year. These usually involve messages sent to users' e-mail boxes that claim to come from banks, eBay, PayPal, etc., and direct users to a web site that appears to be legitimate. On that web site, users are asked to provide personal and/or financial details that may be used for identity theft or other forms of fraud.
The Australian Bankers' Association comments in a ZDNet article that the losses from these schemes "are not material enough" to warrant boosting online banking security, compared to "other forms of graft such as credit card fraud."
BJ's Wholesale Club Alerts Members of Potential Credit Card Leak
BJ's has issued a press release stating that a small fraction of its 8 million members may have been affected by a compromise that may have resulted in the theft of their credit card information. BJ's has made additional customer care representatives available to assist members whose credit card may have been stolen. If you suspect unauthorized use of any credit card used at BJ's, you should report it to the credit card issuer or bank. Additional questions should be directed to 1-800-BJS-CLUB.
More information is available at:
Dave Brookshire, SANS Handler-on-Duty
Mar 13th 2004