Cisco Fixes Vulnerability
Cisco Systems Inc. has disclosed that a vulnerability in Versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus is incorrectly configured. TACACS+ authentication is disabled by default, and a device correctly configured for TACACS+ authentication is not affected by this vulnerability. Cisco has made free software available to address the vulnerability, and work-arounds are available to mitigate the effects of the flaw. An advisory is available on Cisco's Web site.
Security Bookshelf
Real Digital Forensics: Computer Security and Incident Response, by Keith J. Jones, Richard Bejtlich and Curtis W. Rose (Addison-Wesley Professional, 2005).
I used to do a significant amount of forensics work, and I always yearned for a book as comprehensive as this one on the subject. The authors cover all the most pertinent topics, from open-source tools, such as the Coroners Toolkit, to one of my favorite commercial products, EnCase. The book is packed with tricks, tips and sample Perl scripts to address common problems, and an accompanying DVD lets the reader practice on real data.
-- Mathias Thurman
