Date: 29 June 2012
Greetings,
The themes for this week are Telstra, more Telstra, and a bit of Sys Admin
related stuff.
Telstra has been in the news regularly this week due to the tracking of websites
visited by its mobile users; information that was then sent to a company in the
United States. Telstra has advised the tracking was to help develop a new cyber
safety tool. However, customers have raised concerns about not being advised
of the tracking, what specific information was stored, and whether the data
could be accessed under the US Patriot Act. The latest is that the telco
has stopped all tracking, with the Privacy Commissioner "considering an
investigation into the matter". Meanwhile, the Privacy Commissioner has recently ruled that Telstra breached the Privacy Act when it inadvertently
allowed public access to customer records.
Before moving on to the top 5 bulletins for the week, if you are not already
aware - AusCERT Systems and Services will be offline tomorrow, Saturday 30 June
2012, between 9am-5pm, including the AusCERT website and ARM. Members, please take note of the member hotline number prior to the outage of the website.
Now on to the bulletins, here are my top 5 for the week from newest to oldest:
1) ESB-2012.0628 - [Printer] HP Photosmart Printers
Denial of service - Remote/unauthenticated
Unless you want your printer to be unavailable more than usual, please ensure
that you update your printer if it is one of the models affected.
2) ESB-2012.0626.2 - UPDATE [UNIX/Linux][Debian] bcfg2
Root compromise - Existing account
This root compromise requires an existing account in order to be exploited;
however, sys admins probably don't want people messing about with their
configuration management system.
3) ESB-2012.0622 - [Win][Linux] HP System Management Homepage: Multiple vulnerabilities
Nearly every serious vulnerability you can think of has been found and fixed in
the HP System Management Homepage. These require no authentication or
interaction from authorised users so patch this one soon.
4) ASB-2012.0096 - [Win][UNIX/Linux] Google Chrome: Multiple vulnerabilities
Google Chrome has reached version 20 with arbitrary code execution, denial of
service, and information disclosure vulnerabilities addressed. All of these
vulnerabilities require interaction from the end user. Users of this popular
browser should update ASAP.
5) ESB-2012.0621 - [UNIX/Linux][AIX] sendmail: Multiple vulnerabilities
Folks using sendmail on the various *nix operating systems should keep an eye
out for a patch specific to their distro for this one. Otherwise some of your
users might start running "fun" commands as root, among other things :)
Safe browsing,
Olivia
The AusCERT Week in Review is a roundup of the week's notable security advisories,
events and AusCERT activities - brought to you by the AusCERT Coordination Centre team.
For an extra perspective, follow @AusCERT on Twitter and stay connected to events as
they happen.