Yes, but so far, it's not cooperating in Chrome or FF...
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Thu, Jan 31, 2013 at 6:35 PM, Kurt Buff <[email protected]> wrote: > That page has the download link on it. > > > On Thu, Jan 31, 2013 at 3:24 PM, Andrew S. Baker <[email protected]>wrote: > >> Are you actually able to download via that link? >> >> >> >> >> >> *ASB >> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* >> **Providing Virtual CIO Services (IT Operations & Information Security) >> for the SMB market…*** >> >> >> >> >> >> On Thu, Jan 31, 2013 at 4:07 PM, Ziots, Edward <[email protected]>wrote: >> >>> >>> http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp >>> **** >>> >>> ** ** >>> >>> Nice detection utility which will help out the home users. **** >>> >>> ** ** >>> >>> Z**** >>> >>> ** ** >>> >>> Edward E. Ziots, CISSP, Security +, Network +**** >>> >>> Security Engineer**** >>> >>> Lifespan Organization**** >>> >>> [email protected]**** >>> >>> ** ** >>> >>> This electronic message and any attachments may be privileged and >>> confidential and protected from disclosure. If you are reading this >>> message, but are not the intended recipient, nor an employee or agent >>> responsible for delivering this message to the intended recipient, you are >>> hereby notified that you are strictly prohibited from copying, printing, >>> forwarding or otherwise disseminating this communication. If you have >>> received this communication in error, please immediately notify the sender >>> by replying to the message. Then, delete the message from your computer. >>> Thank you.**** >>> >>> *[image: Description: Description: Lifespan]* >>> >>> ** ** >>> >>> ** ** >>> >>> *From:* Ziots, Edward [mailto:[email protected]] >>> *Sent:* Thursday, January 31, 2013 1:04 PM >>> >>> *To:* NT System Admin Issues >>> *Subject:* RE: Ouch - UPnP >>> *Importance:* High**** >>> >>> ** ** >>> >>> Cross post from Bugtraq, **** >>> >>> ** ** >>> >>> DefenseCode Security Advisory**** >>> >>> http://www.defensecode.com/**** >>> >>> ** ** >>> >>> ** ** >>> >>> Broadcom UPnP Remote Preauth Root Code Execution Vulnerability**** >>> >>> ** ** >>> >>> ** ** >>> >>> Advisory ID: DC-2013-01-003**** >>> >>> Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution >>> Vulnerability Advisory URL: >>> http://www.defensecode.com/subcategory/advisories-28**** >>> >>> Software: Broadcom UPnP software**** >>> >>> Vulnerable: Multiple router manufacturers Vendor Status: Vendors >>> contacted Initial Release Date: 2013-01-15 Release Date Postponed To: >>> 2013-01-31**** >>> >>> Risk: Critical**** >>> >>> ** ** >>> >>> ** ** >>> >>> ** ** >>> >>> 1. General Overview**** >>> >>> ===================**** >>> >>> ** ** >>> >>> During the security evaluation of Cisco Linksys routers for a client, we >>> have discovered a critical security vulnerability that allows remote >>> unauthenticated attacker to remotely execute arbitrary code under root >>> privileges.**** >>> >>> Upon initial vulnerability announcement a few weeks ago Cisco spokesman >>> stated that only one router model is vulnerable - WRT54GL.**** >>> >>> We have continued with our research and found that, in fact, same >>> vulnerable firmware component is also used in at least two other Cisco >>> Linksys models - WRT54G3G and probably WRT310N. Could be others.**** >>> >>> ** ** >>> >>> Moreover, vulnerability turns out even more dangerous, since we have >>> discovered that same vulnerable firmware component is also used across many >>> other big-brand router manufacturers and many smaller vendors.**** >>> >>> ** ** >>> >>> Vulnerability itself is located in Broadcom UPnP stack, which is used by >>> many router manufacturers that produce or produced routers based on >>> Broadcom chipset.**** >>> >>> We have contacted them with vulnerability details and we expect patches >>> soon. However, we would like to point out that we have sent more than 200 >>> e-mails to various router manufacturers and various people, without much >>> success.**** >>> >>> ** ** >>> >>> Some of the manufacturers contacted regarding this vulnerability are >>> Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, US Robotics, and so >>> on.**** >>> >>> Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom >>> UPnP chipset. You can check how many manufacturers use Broadcom chipset* >>> *** >>> >>> here: http://wiki.openwrt.org/toh/start (search for Broadcom, brcm or >>> bcm).**** >>> >>> ** ** >>> >>> We don't know exactly how many of them are affected, since we were >>> unable to contact all of them, but we suspect there are probably tens of >>> millions vulnerable routers out there.**** >>> >>> ** ** >>> >>> ** ** >>> >>> Edward E. Ziots, CISSP, Security +, Network +**** >>> >>> Security Engineer**** >>> >>> Lifespan Organization**** >>> >>> [email protected]**** >>> >>> ** ** >>> >>> This electronic message and any attachments may be privileged and >>> confidential and protected from disclosure. If you are reading this >>> message, but are not the intended recipient, nor an employee or agent >>> responsible for delivering this message to the intended recipient, you are >>> hereby notified that you are strictly prohibited from copying, printing, >>> forwarding or otherwise disseminating this communication. If you have >>> received this communication in error, please immediately notify the sender >>> by replying to the message. Then, delete the message from your computer. >>> Thank you.**** >>> >>> *[image: Description: Description: Lifespan]* >>> >>> ** ** >>> >>> ** ** >>> >>> *From:* David Lum [mailto:[email protected] <[email protected]>] >>> *Sent:* Thursday, January 31, 2013 12:37 PM >>> *To:* NT System Admin Issues >>> *Subject:* RE: Ouch - UPnP**** >>> >>> ** ** >>> >>> See the thread called “Shocking? Somehow, not...”**** >>> >>> ** ** >>> >>> Having a more descriptive subject line like yours is far too logical J** >>> ** >>> >>> ** ** >>> >>> *From:* N Parr [mailto:[email protected] <[email protected]>] >>> *Sent:* Thursday, January 31, 2013 9:30 AM >>> *To:* NT System Admin Issues >>> *Subject:* Ouch - UPnP**** >>> >>> ** ** >>> >>> >>> http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/?tag=nl.e757&s_cid=e757 >>> **** >>> >>> **** >>> >>> Guess it would mostly affect home users but they are going to be the >>> ones who would never hear about it for be able to fix it.**** >>> >>> **** >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin**** >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin**** >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin**** >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.jpg>>
