Astiostech – Blog, News and Updates
#TeamOpenSourceMalaysia
ISA Server is the ONLY FIREWALL THAT I KNOW today that supports authentication for almost all WINSOCK compliant protocols if you use Windows Operating System. 2. ISA Server stores frequently used caches in memory 3. ISA Server contain out of the box a bunch of … “Top 5 reasons why i would like to implement ISA Server 2006 as my outgoing proxy/firewall”
Read MoreThere’s a possible bypass for authentication when LDAP is used for Chap/MsChap in Cisco’s VPN. An attacker can access your internal network without providing authentication at all. This is quite serious to those running LDAP on PIXes and ASAes. So far, as i can remember … “Multiple Vulnerabilities with Cisco’s PIX and ASA”
Read MoreOk, lets start making it clear who the initiator (SRC) and receiver (DST) are. SRC is the person/computer who wants to talk to you and makes the first attempt to do so. Receiver is the person who will either respond to the attempt made by … “ISA server’s incoming vs outgoing IP (and SMTP Reverse Lookup)”
Read MoreIn a recent ISA Server 2006 Level 400 class, we discussed a vulnerability on Exchange server that could lead to remote code execution. The particular remote attack is listed in CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0213 and rated high in it’s severity. If you have customers or run Exchange … “URGENT! – Serious security flaws with all Microsoft Exchange versions”
Read MoreWas doing some reading on my frequently accessed security page, SANS and found these two vulnerabilities that should be of mention. These two software i use well, often, like Quicktime (for my ITunes) and Asterisk (for my mobile VoIP support). Quicktime- A vulnerability that allows … “Vulnerabilities on Quicktime and Asterisk”
Read MoreHere’s a piece of software i must blog about, its called Fring. I just got a Nokia N80 recently and of course, i wanted to stuff the phone like what we did to the turkey in Christmas, but with software. The company i work for … “Fring Me (Asterisk and Nokia Symbian special mention)”
Read MoreSome people in the middle eastern parts of the world including Pakistan have been shaken by phone SMS messages warning them about the existence of a phone to human virus. This hoax, just like many we JUNK in Outlook, had forced public figures to release … “Idiocracy Alert – Phone to Human virus”
Read MoreLook out Flash, here’s come another ray of light, called Silverlight. Silverlight is Microsoft’s answer to rich web applications which previously dominated by Macromedia Flash. I tried some of the samples, looks like it can do pretty much what Flash can, like, play games, watch … “Every cloud has a Silverlight”
Read MoreIt comes as no surprise that the exploitation of the MS DNS issue is out and around. According to Symantec, this particular worm executes several vulenrability checks (much like a security scanner) and exploits those that are vulnerable. In short, the process is completely automated … “W32.Rinbot – Exploitation of Windows DNS and other vulnerabilities”
Read MoreMy previous post talks about the DNS vulnerability and now the exploit codes are available and are being used already to VERY EASILY EXPLOIT DNS servers especially within an organization (typically). No one in their right mind would publish RPC over the internet, right.., right..!!?? … “WARNING – DNS Zero day exploit code is public”
Read More