AusCERT Week in Review 27th January 2012
Date: 27 January 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=15374
Well, this week has been interesting.
To start the week the US-CERT posted an alert regarding Distributed Denial of Service attacks by the 'Anonymous' group. These attacks are typically conducted by members of the group using the 'Low Orbit Ion Cannon' attack tool and are coordinated via good old IRC.
We have also seen a major bug discovered in Symantic's pcAnywhere software. This bug allows attackers to execute arbitrary code on the target system with 'System' or Administrator level privileges.
Several bugs were also found in the Google Chrome web browser, and fixed. Users of the Chrome browser are recommended to upgrade to the most recent version ASAP.
To round out this week we also saw a TFTP directory traversal attack against the D-Link DIR-601 wireless router. This attack relies on a TFTP daemon listening on the WAN connection of the device and allows arbitrary files to be read.