pacnog November 2009

pacnog@pacnog.org

12 participants
12 discussions

by Robert Lowe

Greetings, I thought this article might be of interest to the people on this list: Cyber crime danger Monday, November 30, 2009 http://www.fijitimes.com/story.aspx?id=134569 In the story it states that "The Police Force has forecast cyber crimes to increase by 40 to 50 per cent from 2010 to 2012." Are these forecasts based on a study or other research? If so, I'd appreciate a pointer to source, please. Regards, Rob. -- Robert Lowe, Information Security Analyst, AusCERT P: +61 7 3346 4535 W: http://auscert.org.au

12 years, 7 months

Monthly List Reminder

by noreply＠apnic.net

Dear Subscriber, This is the monthly reminder of subscription information for the pacnog list, hosted at APNIC. For subscription information including how to un-subscribe go to http://mailman.apnic.net/mailman/listinfo/pacnog Thank you for participating in this discussion. Kind Regards, List administrator

12 years, 7 months

AusCERT Week in Review - Week Ending 27/11/2009 (AUSCERT#20073f686)

by Paul Fahey

Alerts, Advisories and Updates: ------------------------------- Title: ASB-2009.1143 - [OpenBSD] OpenSSL: Unauthorised access - Remote/unauthenticated Date: 27 November 2009 URL: http://www.auscert.org.au/12018 Title: ASB-2009.1144 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 9.7: Increased privileges - Existing account Date: 27 November 2009 URL: http://www.auscert.org.au/12019 Title: ASB-2009.1145 - [Appliance] Ingate Firewall and SIParator: Multiple vulnerabilities Date: 27 November 2009 URL: http://www.auscert.org.au/12020 Title: ASB-2009.1138.2 - UPDATE [UNIX/Linux] Dovecot: Unauthorised access - Existing account Date: 25 November 2009 URL: http://www.auscert.org.au/11994 Title: ASB-2009.1141.2 - UPDATE [Win][UNIX/Linux] Opera: Multiple vulnerabilities Date: 25 November 2009 URL: http://www.auscert.org.au/12002 Title: ASB-2009.1142 - [Win][UNIX/Linux] WP-Cumulus (WordPress Plugin): Cross-site scripting - Remote/unauthenticated Date: 25 November 2009 URL: http://www.auscert.org.au/12009 Title: ASB-2009.1136.2 - UPDATE [Win][UNIX/Linux] PHP 5.3.1: Multiple vulnerabilities Date: 24 November 2009 URL: http://www.auscert.org.au/11987 Title: ASB-2009.1139.2 - UPDATE [Win][Linux] IBM Rational Software Architect : Cross-site scripting - Remote/unauthenticated Date: 24 November 2009 URL: http://www.auscert.org.au/11995 Title: ASB-2009.1134.2 - UPDATE [UNIX/Linux] libexif: Denial of service - Remote with user interaction Date: 23 November 2009 URL: http://www.auscert.org.au/11961 Title: ASB-2009.1137 - [Win][UNIX/Linux] MySQL Community Server: Provide misleading information - Remote/unauthenticated Date: 23 November 2009 URL: http://www.auscert.org.au/11993 Title: ASB-2009.1140 - [UNIX/Linux] PEAR Mail: Execute arbitrary code/commands - Remote/unauthenticated Date: 23 November 2009 URL: http://www.auscert.org.au/11996 External Security Bulletins: ---------------------------- Title: ESB-2009.1571 - [Win] Symantec: Execute arbitrary code/commands - Remote with user interaction Date: 26 November 2009 OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Windows Server 2008 URL: http://www.auscert.org.au/12017 Title: ESB-2009.1570 - [Solaris][OpenSolaris] LDAP client configuration cache daemon: Denial of service - Existing account Date: 26 November 2009 OS: Solaris URL: http://www.auscert.org.au/12016 Title: ESB-2009.1569 - [Solaris][OpenSolaris] BIND: Provide misleading information - Remote/unauthenticated Date: 26 November 2009 OS: Solaris URL: http://www.auscert.org.au/12015 Title: ESB-2009.1568 - [HP-UX] OpenSSL: Unauthorised access - Remote/unauthenticated Date: 26 November 2009 OS: HP-UX URL: http://www.auscert.org.au/12014 Title: ESB-2009.1567 - [Debian] php5: Multiple vulnerabilities Date: 26 November 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/12013 Title: ESB-2009.1566 - [Debian] poppler: Multiple vulnerabilities Date: 26 November 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/12012 Title: ESB-2009.1565 - [UNIX/Linux][RedHat] kdelibs: Execute arbitrary code/commands - Remote with user interaction Date: 25 November 2009 OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD, Other Linux Variants URL: http://www.auscert.org.au/12007 Title: ESB-2009.1564.2 - UPDATE [Solaris][OpenSolaris] Solaris sshd: Denial of service - Remote/unauthenticated Date: 27 November 2009 OS: Solaris URL: http://www.auscert.org.au/12006 Title: ESB-2009.1563 - [Debian] libvorbis: Multiple vulnerabilities Date: 25 November 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/12005 Title: ESB-2009.1562 - [UNIX/Linux][SUSE][OpenSUSE] SUSE packages: Multiple vulnerabilities Date: 25 November 2009 OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD, Other Linux Variants URL: http://www.auscert.org.au/12004 Title: ESB-2009.1561 - [Win][UNIX/Linux] BIND: Provide misleading information - Remote/unauthenticated Date: 25 November 2009 OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD, Windows Server 2008, Other Linux Variants URL: http://www.auscert.org.au/12003 Title: ESB-2009.1560 - [Win][OSX] Autodesk Maya: Execute arbitrary code/commands - Remote with user interaction Date: 24 November 2009 OS: Windows XP, Windows Vista, Mac OS X URL: http://www.auscert.org.au/12001 Title: ESB-2009.1559 - [Win] Autodesk 3DS Max: Execute arbitrary code/commands - Remote with user interaction Date: 24 November 2009 OS: Windows Vista, Windows XP URL: http://www.auscert.org.au/12000 Title: ESB-2009.1558 - [Win][Linux] Autodesk SoftImage: Execute arbitrary code/commands - Remote with user interaction Date: 24 November 2009 OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008, Other Linux Variants URL: http://www.auscert.org.au/11999 Title: ESB-2009.1557 - ALERT [Win] Internet Explorer: Execute arbitrary code/commands - Remote with user interaction Date: 23 November 2009 OS: Windows Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows XP URL: http://www.auscert.org.au/11998 Title: ESB-2009.1556 - [Debian] php-mail: Execute arbitrary code/commands - Remote/unauthenticated Date: 24 November 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/11997 Title: ESB-2009.1555 - [Solaris][OpenSolaris] Transport Layer Security and Secure Sockets Layer 3.0: Unauthorised access - Remote/unauthenticated Date: 23 November 2009 OS: Solaris URL: http://www.auscert.org.au/11992 Title: ESB-2009.1554 - [Win] HP Operations Manager: Unauthorised access - Remote/unauthenticated Date: 23 November 2009 OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Windows Server 2008 URL: http://www.auscert.org.au/11991 Title: ESB-2009.1553 - [Win][VMware ESX][Linux] VMware vCenter, ESX, vMA: Multiple vulnerabilities Date: 23 November 2009 OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux, Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista, Windows Server 2008, Other Linux Variants URL: http://www.auscert.org.au/11990 Title: ESB-2009.1552 - [UNIX/Linux][Debian] gforge: Cross-site scripting - Remote/unauthenticated Date: 23 November 2009 OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD, Other Linux Variants URL: http://www.auscert.org.au/11989 Title: ESB-2009.1548.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple vulnerabilities Date: 24 November 2009 OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX, OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows 2003, Solaris, HP Tru64 UNIX, IRIX URL: http://www.auscert.org.au/11982 Title: ESB-2009.1522.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple vulnerabilities Date: 23 November 2009 OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX, OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows 2003, Solaris, HP Tru64 UNIX, IRIX URL: http://www.auscert.org.au/11944 Title: ESB-2009.1430.2 - UPDATE [VMware ESX] VMware ESX: Multiple vulnerabilities Date: 23 November 2009 OS: Virtualisation URL: http://www.auscert.org.au/11820 Title: ESB-2009.0696 -- [Win][Netware][Linux] -- HP Data Protector Express: Execute Arbitrary Code Date: 25 November 2009 OS: Novell Netware, Red Hat Linux, Windows XP, Other Linux Variants, Windows 2000, Windows 2003 URL: http://www.auscert.org.au/10989 Title: ESB-2009.0583 -- [UNIX/Linux][Debian] -- gforge: Cross-site Scripting Date: 25 November 2009 OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris URL: http://www.auscert.org.au/11167 Title: ESB-2009.0167 -- [Win][VMware ESX][Linux] -- VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27 Date: 23 November 2009 OS: Windows Vista, Red Hat Linux, Windows Server 2008, Virtualisation, Windows XP, Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu URL: http://www.auscert.org.au/10543 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert(a)auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================

12 years, 7 months

Fwd: [sig-policy] APNIC EC endorses four policy proposals

by Terry manderson

Hi Folks, For those of you who don't follow the APNIC policy lists. prop-073 has been endorsed by the APNIC EC and will be implemented in Q1 2010 (in Feb I believe). You may recall that this policy modifies the initial v6 requirements such that your existing APNIC IPv4 allocation/assignment satisfies the criteria such that (as one person described it to me) you don't have re-write 'War and Peace' to get v6. Cheers Terry Begin forwarded message: > From: Sam Dickinson <sam(a)apnic.net> > Date: 19 November 2009 9:45:51 PM AEST > To: Policy SIG <sig-policy(a)apnic.net> > Subject: [sig-policy] APNIC EC endorses four policy proposals > > ----------------------------------------------------------------------- > APNIC EC endorses four policy proposals > ----------------------------------------------------------------------- > > > Dear colleagues > > The APNIC EC (Executive Council) endorsed the following proposals > at its meeting on 18 November 2009. Minutes from this meeting will be > available after they have been adopted at the December 2009 EC meeting. > > > prop-050: IPv4 address transfers > > prop-073: Simplifying allocation/assignment of IPv6 to APNIC > members with existing IPv4 addresses > > prop-074: Internet Assigned Numbers Authority (IANA) Policy for > Allocation of ASN Blocks to Regional Internet > Registries > > prop-075: Ensuring efficient use of historical AS numbers > > > Next steps > ---------- > > Once the proposal prop-074, "Internet Assigned Numbers Authority (IANA) > Policy for Allocation of ASN Blocks (ASNs) to Regional Internet > Registries", has been adopted by all five RIRs, it can proceed to the > final stages of the global policy development process. For more > information on the global policy development, see: > > http://www.nro.net/policy/index.html#global > > > The three remaining policies in the above list will be implemented by > the APNIC Secretariat during the first quarter 2010. > > For a detailed history of the endorsed proposals, see: > > http://www.apnic.net/policy/proposals > > Regards > > -- > _____________________________________________________________________ > Samantha Dickinson email: sam(a)apnic.net > Policy Development Manager, APNIC sip: sam(a)voip.apnic.net > http://www.apnic.net phone: +61 7 3858 3100 > * sig-policy: APNIC SIG on resource management policy * > _______________________________________________ > sig-policy mailing list > sig-policy(a)lists.apnic.net > http://mailman.apnic.net/mailman/listinfo/sig-policy

12 years, 7 months

PacNOG 6 update & materials

by Philip Smith

Hi everyone, The first week of PacNOG 6 is just about finished. I've put last Monday's presentations and the workshop materials I have gathered so far on to the website at http://www.pacnog.org/pacnog6/. Week 2 of PacNOG 6 starts on Monday at 9am at the Tanoa Intl Hotel in Nadi. We all look forward to meeting those of you who are coming for the second week. As a reminder, the agenda is at http://www.pacnog.org/pacnog6/agenda.pdf. Best wishes! philip --

12 years, 7 months

PITA Website.

by Jerome Rivogani

Does anyone out there not able to get onto the PITA website http://www.pita.org.fj/ as I do? Cheers Jerome

12 years, 7 months

USP ICT Symposium

by Terry Rupeni (ITS-USP)

Hi All, FYI see below. Terry ================================================= SCIMS Mini ICT Symposium and Recruitment Information Session by ICT Companies The School of Computing, Information & Mathematical Sciences proudly announces its first ever Mini ICT Symposium incorporating Computing Science, Information Systems & Mathematics Postgraduate Open Day. On display will be current postgraduate projects, and research areas of academic staff. Information sessions will be organized by the schools' staff and postgraduate student groups. Also, recruitment information sessions will be organized by various ICT companies around Fiji. Venue: USP Gymnasium Date: Monday, 23rd November, 2009 Time: 6 - 9pm A special invitation is extended to all computing science and information systems students completing their undergraduate studies in 2009, and current postgraduate students in CS and IS. For further information, please email Imtiyaz Hussein <mailto:hussein_i@usp.ac.fj> hussein_i(a)usp.ac.fj or Shymal Chandra <mailto:chandra_sh@usp.ac.fj> chandra_sh(a)usp.ac.fj

12 years, 7 months

FYI - Application for India NIR - Call for Comments

by Elly Tawhai

_______________________________________________________________________ Application for India NIR - Call for Comments _______________________________________________________________________ The National Internet Exchange of India (NIXI) has lodged an application for recognition as a National Internet Registry (NIR). If recognized as an NIR, NIXI would be able to offer IP (Internet Protocol) address allocation and other APNIC services at a national level in India. In the interests of openness and transparency, the APNIC Executive Council (EC) requests public review of the NIXI application and has issued a Call for Comments to gauge community support. The EC will accept public or confidential comments until Monday, 30 November 2009 at 17:30 (UTC+10 - Brisbane time). Confidential comments may be: - Emailed to the Executive Secretary of the EC at exec-sec(a)apnic.net - Submitted using the web form at http://www.apnic.net/NIR_Comments Comments may also be made publicly and discussed on the "apnic-talk" mailing list. More information on the list is available at: http://www.apnic.net/mailing-lists The APNIC EC is responsible for evaluating and approving the application, but before the EC can do so, it must be satisfied that NIXI meets the "Criteria for the recognition of NIRs in the APNIC region", as set out in the policy available at: http://www.apnic.net/policy/nir-criteria These criteria require NIXI to: - Demonstrate formal endorsement at the national level by the appropriate government body - Be an independent legal entity with a non-profit structure - Demonstrate a stable funding model - Demonstrate it holds a neutral position - Have the organizational and technical capacity to implement APNIC address management policies For more information, see: http://www.apnic.net/nir _______________________________________________________________________ Paul Wilson, Director-General, APNIC dg(a)apnic.net http://www.apnic.net ph/fx +61 7 3858 3100/99 _______________________________________________________________________

12 years, 7 months

Making Allocations from 175/8 and 182/8 soon

by Elly Tawhai

_______________________________________________________________________ Making Allocations from 175/8 and 182/8 soon _______________________________________________________________________ Hi PACNOG Community, In August 2009, APNIC received two IPv4 address blocks from IANA. These were: - 175/8 - 182/8 Reachability and routability testing is now complete and exceeds 96% for all prefixes. APNIC will soon be allocating from these prefixes. Please update your routing filters and network configurations accordingly. Please also double-check and release any blacklisted IP addresses from the above ranges, as they now represent fresh /8 blocks. Thank you for your cooperation. If you have any questions, please contact the APNIC helpdesk: helpdesk(a)apnic.net Kind regards, Elly ------------------------------------------------------------------------ Elly Tawhai email: elly(a)apnic.net Senior Internet Resource Analyst/ sip: elly(a)voip.apnic.net Liaison Officer(Pacific), APNIC phone: +61 7 3858 3188 http://www.apnic.net fax: +61 7 3858 3199 ------------------------------------------------------------------------

12 years, 7 months

PacNOG 6 starts on Monday

by Philip Smith

Hi everyone, Just a reminder that PacNOG 6 starts on Monday at the Tanoa International Hotel, in Nadi, Fiji. Agenda and other useful information is posted on the PacNOG website - http://www.pacnog.org/pacnog6/. For those of you coming, hope to see you on Monday! Best wishes, philip --

12 years, 7 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

pacnog November 2009