Symantec Multiple Firewall NBNS Response Processing Stack Overflow

Update: This is just a heads-up about multiple vulnerabilities found in Symantec products. Expect a more detailed explanation in tomorrow's diary.

Reference:
http://www.eeye.com/html/Research/Advisories/AD20040512A.html
http://www.eeye.com/html/Research/Advisories/index.html

Worm Passwords List

Passwords are, in general, the weakest link in the corporate security strategy. In the 2003 edition of the SANS Top 20 vulnerabilities, weak passwords are listed as one major vulnerability: http://www.sans.org/top20

Item 4.1 Description:

"Passwords, passphrases and/or security codes are used in virtually every interaction between users and information systems. Most forms of user authentication, as well as file and data protection, rely heavily on user or vendor supplied passwords. In addition, since properly authenticated access is often not logged, or if logged not likely to arouse suspicion, a compromised password is an opportunity to explore a system virtually undetected. An attacker in possession of a valid user password would have complete access to any resources available to that user, and would be significantly closer to being able to access other accounts, nearby machines, and perhaps even obtain root level access on this system. Despite this threat, user and administrator level accounts with poor or non-existent passwords are still very common. As well, organizations with a well-developed and enforced password policy are still uncommon.

The most common password vulnerabilities are: (a) user accounts that have weak or nonexistent passwords; (b) user accounts with widely known or openly displayed passwords; (c) system or software created administrative level accounts with widely known, weak, or nonexistent passwords; and (d) weak or well known password hashing algorithms and/or user password hashes that are stored with weak security and are visible to anyone.

The best defense against all of these vulnerabilities is a well developed password policy that includes: detailed instructions for users to create strong passwords; explicit rules for users to ensure their passwords remain secure; a process in place for IT staff to promptly replace weak/insecure/default or widely known passwords and to promptly lock down inactive or close down unused accounts; and a proactive and regular process of checking all passwords for strength and complexity."

In today's ISC Webcast, we talked about an example of a password list that was used by malware known as "IRCBot" to guess/brute-force passwords to gain access to systems. This list is available at: http://isc.sans.org/presentations/ircbot_pwlist.txt

Did you miss our monthly ISC Webcast? Check out the Webcast archives: http://www.sans.org/webcasts/archive.php

Mailbag - Netsky

We received a report from a user who had been seeing a large number of DNS queries from a small set of his high-speed customers. The answer, as pointed out by Rick Wanner, was that it was caused by NetSky. In his words:

"...I didn't realize that the deciding factor for what is an email address is anything with an "@" sign in the name, or contents would be tried as an email address. So people with big Internet caches, and who don't clean up their cookies were generating thousands of MX requests per minute to their default DNS server."

-----------------------------------------------------------------
Handler on duty: Pedro Bueno (bueno_AT_ieee.org)
Pedro, ISC Handler, May 13th 2004
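The NetSky symptom described in the mailbag item (individual customer hosts sending thousands of MX requests per minute to their resolver) can be looked for in DNS query logs. The following is an added example, not part of the original diary: it assumes a BIND-style query log line format, and the log lines, addresses, function name and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed BIND-style query log line:
#   <date> <time> client <ip>#<port>: query: <name> IN <type> <flags>
LINE_RE = re.compile(
    r"^(\S+ \d{2}:\d{2}):\d{2}\S* client ([0-9A-Fa-f.:]+)#\d+: "
    r"query: (\S+) IN (\S+)"
)

def mx_bursts(lines, threshold):
    """Find clients that sent at least `threshold` MX queries in one clock minute.

    Returns (client, minute, mx_count, distinct_names) tuples, busiest first.
    """
    counts = defaultdict(int)
    names = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query line in the assumed format
        minute, client, qname, qtype = m.groups()
        if qtype.upper() != "MX":
            continue
        key = (client, minute)
        counts[key] += 1
        names[key].add(qname.lower().rstrip("."))
    hits = [(c, t, n, len(names[(c, t)]))
            for (c, t), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda h: h[2], reverse=True)

# Constructed sample log: documentation addresses and reserved example domains.
SAMPLE_LOG = [
    "13-May-2004 10:15:01.101 client 192.0.2.10#1025: query: example.com IN MX +",
    "13-May-2004 10:15:01.350 client 192.0.2.10#1026: query: example.net IN MX +",
    "13-May-2004 10:15:02.007 client 192.0.2.20#3310: query: www.example.org IN A +",
    "13-May-2004 10:15:02.420 client 192.0.2.10#1027: query: example.org IN MX +",
    "13-May-2004 10:15:03.118 client 192.0.2.10#1028: query: Example.com IN MX +",
    "13-May-2004 10:15:40.900 client 192.0.2.20#3311: query: example.com IN MX +",
    "13-May-2004 10:16:00.004 client 192.0.2.10#1029: query: example.com IN MX +",
    "13-May-2004 10:16:05.000 general: info: zone reloaded (not a query line)",
]

if __name__ == "__main__":
    # Threshold is an assumption; set it from your own baseline of MX volume.
    for client, minute, n, distinct in mx_bursts(SAMPLE_LOG, threshold=3):
        print(f"{minute} {client}: {n} MX queries, {distinct} distinct names")
```

The distinct-name count helps separate a host retrying one lookup from a host walking through many harvested domains.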