Information Security all in one place!

Posts tagged “Technology”

Wireless Dual Band USB Adapter; offering 5GHz upgrade


 TP-LINK, a global provider of networking products, today announced its new Wireless Dual Band USB Adapter, enabling users to instantly add a 5GHz upgrade to their notebook or desktop computer without disrupting the existing network. With wireless speeds of up to 300Mbps at 2.4GHz and at 5GHz, this dual band USB adapter is the best companion when upgrading PC or laptop wireless capabilities, specifically when using the 5GHz band to avoid potential interference over the 2.4GHz band.

N600 Wireless Dual Band USB Adapter (TL-WDN3200) – $29.99 – Product Available End of April 2012

  • Compatible with IEEE 802.11b/g/n 2.4GHz and IEEE 802.11a/n 5GHz devices
  • Maximum speed up to 300Mbps at 2.4GHz and 300Mbps at 5GHz
  • USB 2.0 interface
  • Supports ad-hoc and infrastructure mode
  • Easy wireless security encryption at a push of the WPS button
  • Supports Windows XP 32/64bit, Vista 32/64bit, Windows 7 32/64bit
  • Easy Wireless Configuration Utility


Mobile Devices and the Growing Concern



If you use any type of mobile device in your day-to-day life, keep reading. Ignorance can only bring you so far!

Two separate studies of mobile devices have found serious privacy and security issues. One of the studies found that smartphones and tablet PCs can be eavesdropped on when they are being used to make purchases, conduct online banking transactions, or access VPNs (virtual private networks). Another study uncovered a number of ways to break into Apple’s iOS, its operating system for mobile devices. It is likely that cyber criminals will increasingly turn to mobile devices in their attacks as the devices become more and more commonplace in business transactions.

Related Information: http://www.usatoday.com/tech/news/story/2012-04-08/smartphone-security-flaw/54122468/1

Proof of Concept Video: http://bcove.me/44ip4sgw


Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability


 

 

Cisco IOS Software contains a vulnerability in the Smart Install feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if the Smart Install feature is enabled. The vulnerability is triggered when an affected device processes a malformed Smart Install message on TCP port 4786.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-smartinstall

 

 


Kaspersky Labs: New Generation of Ultimate PC Protection; for Home


Kaspersky Lab, a leading developer of secure content and threat management solutions, today announced a new version of its flagship product for at-home PC protection — Kaspersky PURE 2.0 Total Security. Using Kaspersky Lab’s award-winning anti-malware protection and an array of additional security tools, Kaspersky PURE 2.0 Total Security is the easiest way to keep multiple PCs secure, irreplaceable digital assets protected, and children safe and responsible online.

Central Home PC Management

Ideal for households with multiple computers, including families with children, Kaspersky PURE uses Home Network Management to easily protect, manage and monitor every PC in the household from a single machine.

From one PC, you can:

— Run all scans, updates, and backup tasks on every PC in the house automatically or on-demand

— Fix security issues without getting up from your desk

— Manage parental controls from anywhere in the house, so your kids are protected even when they’re out of view

— Conveniently update the Kaspersky PURE licenses throughout your home

Total Package of Security Tools

Kaspersky PURE also includes everything you need to secure your online identity and protect your irreplaceable digital property. When you install Kaspersky PURE, our extra layers of security mean you can say good-bye to overpriced and inefficient niche products.

This is great work. I am demoing the product now and will post my review shortly. Very excited about how this will shape the home and small business central management landscape. Will vendors pile on?

 

More on this breaking news can be found here: http://www.marketwatch.com/story/kaspersky-lab-announces-new-generation-of-ultimate-pc-protection-for-your-home-2012-03-26


CA ARCServe: DoS Vulnerability



CA Technologies is warning that some versions of CA ARCserve Backup for Windows contain a security vulnerability (CVE-2012-1662) that a remote attacker could exploit to cause a denial-of-service (DoS) condition that disables network services. According to the company, the bug occurs due to insufficient validation of certain types of network requests.

Versions r12.0, r12.0 SP1, r12.0 SP2, r12.5, r12.5 SP1, r15, r15 SP1 and r16 are affected. CA ARCserve Backup for Windows r12.5 SP2 and r16 SP1 are not vulnerable. Fixes have been released to close the hole.

Further information about the problem, including instructions on how to determine if an installation is affected and download links to patches, can be found in the company’s security advisory.

 

More can be found here from the vendor: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B983E3A52-8374-410A-82BD-B8788733C70F%7D


Cyberoam Unified Threat Management: Insecure Password Handling


Cyberoam Unified Threat Management appliances offer assured security, connectivity and productivity to Small Office-Home Office (SOHO) and Remote Office-Branch Office (ROBO) users by allowing user identity-based policy controls.

Cyberoam UTM integrates with Active Directory. In order to query data from a configured AD, domain credentials are stored within the device. These credentials are retrievable by an authenticated user.

Domain credentials are stored on the device and passed to web clients on a diagnostic page (Identity -> Authentication -> Authentication Server -> /Select Configured AD/). Authenticated clients can thus easily access stored credentials.

A trivial check for this follows (replace cookie value):

curl -s -b "JSESSIONID=u2ur76lhy4qt" -H "Referer: blah" \
  "http:///corporate/webpages/identity/ActiveDirectoryEdit.jsp?__RequestType=ajax&&objectID=1&pageid=pagePopupForm1" \
  | egrep '(adminusername|passwdvalue)'

The vulnerability allows a malicious user to access potentially privileged domain credentials. Should default passwords not be changed, then this is a trivial entry point onto a Windows domain.

Severity: High

Systems affected: Cyberoam CR50ia 10.01.0 build 678
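
The exposure described above comes from sending the stored bind password back to the browser when the AD configuration page is rendered. As an added example (not Cyberoam's code and not part of the original post), the Python below contrasts that behaviour with a write-only credential field; the `adminusername` and `passwdvalue` field names come from the check above, while the record layout, function names and sample values are hypothetical.

```python
# Added example: write-only handling of a stored directory bind credential.
# adminusername/passwdvalue are the field names from the check above; the
# record layout, function names and sample values are hypothetical.
from dataclasses import dataclass, replace

UNCHANGED = ""  # an empty password field in a submitted form means "keep stored secret"


@dataclass(frozen=True)
class ADServer:
    object_id: int
    host: str
    adminusername: str
    passwdvalue: str  # stored bind password


def render_edit_form_vulnerable(cfg: ADServer) -> dict:
    """Behaviour described in the post: the stored secret is sent to the client."""
    return {"objectID": cfg.object_id, "host": cfg.host,
            "adminusername": cfg.adminusername, "passwdvalue": cfg.passwdvalue}


def render_edit_form_hardened(cfg: ADServer) -> dict:
    """Never serialise the secret; only report whether one is configured."""
    return {"objectID": cfg.object_id, "host": cfg.host,
            "adminusername": cfg.adminusername,
            "passwdvalue": UNCHANGED, "password_set": bool(cfg.passwdvalue)}


def apply_edit(cfg: ADServer, form: dict) -> ADServer:
    """Apply a submitted form; an empty password keeps the stored one."""
    new_pw = form.get("passwdvalue", UNCHANGED)
    return replace(cfg,
                   host=form.get("host", cfg.host),
                   adminusername=form.get("adminusername", cfg.adminusername),
                   passwdvalue=cfg.passwdvalue if new_pw == UNCHANGED else new_pw)


def leaks_secret(response: dict, cfg: ADServer) -> bool:
    """Audit helper: does any string in the response equal the stored password?"""
    return bool(cfg.passwdvalue) and any(
        isinstance(v, str) and v == cfg.passwdvalue for v in response.values())


if __name__ == "__main__":
    sample = ADServer(1, "dc01.example.test", "svc-ldap", "constructed-Passw0rd!")
    print("vulnerable leaks:", leaks_secret(render_edit_form_vulnerable(sample), sample))
    print("hardened leaks:  ", leaks_secret(render_edit_form_hardened(sample), sample))
```

With this pattern an administrator can still edit the server address or account name without the appliance ever returning the password, and a new password is stored only when one is actually typed in.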


Joomla! 2.5 Security Update Fixes Vulnerabilities


The Joomla! project has released version 2.5.3 of its open source content management system (CMS). This is a security update that addresses two “High Priority” vulnerabilities.

The first of these is caused by an unspecified programming error which could have allowed a malicious user to gain escalated privileges. The other hole is an error in random number generation when resetting passwords that could be exploited by an attacker to change a user’s password.

Versions 2.5.0 to 2.5.2 as well as all 1.7.x and 1.6.x releases are affected. The developers advise all users to upgrade to 2.5.3 to fix these problems. More details about the update can be found in the official release announcement and in the security advisories. Joomla! 2.5.3 is available to download from the project’s site and is licensed under the GPL.

 

Complete details here: http://www.h-online.com/security/news/item/Joomla-2-5-update-fixes-security-vulnerabilities-1476632.html