Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 20th July 2012
Date: 20 July 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=16111


Greetings,

During the week, security trainer Erdal Ozkaya posted on his blog "Australian Passports in Google", which included an extensive list of Australian drivers' licences, passports, birth certificates and other documents of personal identification:

A quick Google images search revealed quite a collection, many of which were current and un-obfuscated - ripe for abuse.

While AusCERT did what it could to contact members impacted by this data breach, the issue of leaking valuable documents is serious, ongoing and has multiple vectors. It comes from both within and outside of the enterprise, making it quite tricky to manage.

Take a moment to consider some vectors of valuable data leak, and how they may impact on your organisation:

  • Misconfigured photocopiers or printers on public addresses

  • Over-enthusiastic social networking posts by individuals

  • Misconfigured internet-based file shares, like Dropbox

  • Overly generous mobile device or camera image sharing (just sync everything)

  • Misconfigured web servers

  • Web applications vulnerable to directory traversal

  • ... and many more ...

Thank you to all the AusCERT members who took the time to complete our survey regarding the security bulletin service we provide. We will use your feedback to further improve the service. The quantity and quality of the response was excellent and it's clear to us how important this service is.

To read about the current information security trends and emerging e-security issues, feel free to read the AusCERT Quarterly Trend Report, available to AusCERT members.

This report covers both continuing and emerging e-security trends for the period April to June 2012 and is based on open source information and information collected and analysed by AusCERT as part of its work as a computer emergency response team.

AusCERT2012 was another great conference, and the speakers' presentations and/or papers, where these have been provided to us, are now available. To find them, simply follow these steps:

1. Go to AusCERT2012 website

2. Click on Speakers in the left hand menu

3. Click on a Speaker's name (eg, Mikko Hypponen)

4. After the abstract you may see the link; "AusCERT2012 Presentation in PDF format"

5. Enjoy!


In case you've not already attended to them, here are my top 5 patches/actions for the week:

1) ASB-2012.0103 - ALERT [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities

This mega-bulletin, including 87 new security fixes, could easily be the top 5 recommendations all by itself. Some of the vulnerabilities are quite serious, like CVE-2012-3135 for Oracle JRockit. Take the time to see how much of the bulletin will impact on you. There's something for everyone.

2) ESB-2012.0691 - ALERT [Win] HP StorageWorks File Migration Agent: Execute arbitrary code/commands - Remote/unauthenticated

Remote, unauthenticated code execution over the 'net is never good, and in this case there is currently no patch available. The HsmCfgSvc.exe service listens by default on TCP port 9111. Urgent mitigation by blocking TCP/9111 on border network devices is recommended. If you can, restrict connections further to only specific trusted devices.
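As an added illustration of that mitigation (my own snippet, not part of the bulletin or of any HP guidance): a small Python script that emits an allow-list ruleset for TCP/9111 and flags inbound connections to that port from untrusted sources in iptables-style firewall log lines. The trusted networks and the log lines are constructed assumptions.

```python
"""Allow-list TCP/9111 (HsmCfgSvc listener) and flag untrusted inbound attempts."""
import ipaddress
import re

HSM_CFG_PORT = 9111  # default listener port named in ESB-2012.0691

# Hypothetical allow-list: only these networks may reach the agent.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("192.0.2.10/32"),
]

# Constructed, simplified iptables LOG-style lines (not real traffic).
SAMPLE_LOG = """\
Jul 20 09:14:02 fw kernel: IN=eth0 OUT= SRC=10.20.0.15 DST=10.20.0.50 PROTO=TCP SPT=51022 DPT=9111 SYN
Jul 20 09:14:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=10.20.0.50 PROTO=TCP SPT=40311 DPT=9111 SYN
Jul 20 09:14:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=10.20.0.50 PROTO=TCP SPT=40312 DPT=443 SYN
Jul 20 09:14:12 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=10.20.0.50 PROTO=UDP SPT=5353 DPT=9111
"""

FIELD_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def is_trusted(src):
    """True if the source address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETWORKS)


def untrusted_hsm_connections(log_text):
    """Return (src, dst) pairs for TCP/9111 attempts from outside the allow-list."""
    findings = []
    for line in log_text.splitlines():
        m = FIELD_RE.search(line)
        if not m:
            continue
        if m["proto"] != "TCP" or int(m["dpt"]) != HSM_CFG_PORT:
            continue
        if not is_trusted(m["src"]):
            findings.append((m["src"], m["dst"]))
    return findings


def iptables_rules(trusted=TRUSTED_NETWORKS, port=HSM_CFG_PORT):
    """Accept the port only from trusted networks; log, then drop everything else."""
    rules = [f"iptables -A INPUT -p tcp --dport {port} -s {net} -j ACCEPT" for net in trusted]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j LOG --log-prefix 'HSM-DROP '")
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules
```

Running `untrusted_hsm_connections(SAMPLE_LOG)` on the constructed log reports only the 198.51.100.77 attempt on port 9111; the trusted source, the port 443 connection and the UDP line are ignored.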

3) ASB-2012.0104 - [Win][UNIX/Linux] Mozilla Firefox, Thunderbird & SeaMonkey: Multiple vulnerabilities

Mozilla have patched a collection of security and other bugs. A fresh new browser is always better than one with vulnerabilities. Patch early & patch often.

4) ESB-2012.0680 - [RedHat] sudo: Unauthorised access - Existing account

Mentioned a while ago in ASB-2012.0074.2, Red Hat have now provided a patch for CVE-2012-2337. Sudo is not the kind of thing you want misbehaving. Apply this patch.

5) Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability

If Blackboard Mobile Learn v3.0 is an important part of your infrastructure, take the time to contact Blackboard and ask them when a patch for this vulnerability may become available.

Happy patching and mitigating,
Marco

The AusCERT Week in Review is a roundup of the week's notable security advisories, events and AusCERT activities - brought to you by the AusCERT Coordination Centre team. For an extra perspective, follow @AusCERT on Twitter and stay connected to events as they happen.