Current Stories
Sophos UTM Up2Date 9.204020 package
08/01/2014 04:39 PM

We just did the upgrade. System Version:  Sophos UTM 9.204020

Sophos UTM Home Edition
Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users – no strings attached.
It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
The Sophos UTM Free Home Use firewall contains its own operating system and will overwrite all data on the computer during the installation process.
More @ http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

News
· Bugfix Release
· Enhancement: WAF: Allow to configure connection timeout per backend
· Enhancement: WAF: Add "id" field to log lines
· Enhancement: SSL VPN: Log traffic volume on connection close

Remarks
· System will be rebooted
· Configuration will be upgraded
· Connected Wifi APs will perform firmware upgrade
· Connected RED devices will perform firmware upgrade

Bugfixes
22468 HTML5 iptables rule doesn't match for IPSec-routed hosts
24091 RED [RED10, RED50]: prevent RED50 from being deployed as RED10 and vice versa
24679 Rescan for Virus when releasing Quarantine Message
28973 [ALPHA] SPX: Attachment names character encoding error during PDF generation
29252 [BETA] Improve logging of SPX encryption
29446 [BETA] DLP: inconsistent dlp action identifier
30320 WiFi: Client list lacks some data for clients not seen for a long time
30640 Messages with reason "sender_blacklist" cannot be written to quarantine
31131 UTM525r5 declared as software after copper module replacement [9.2]
31174 Google Play store downloads should bypass the download patience page
31357 [SR] IPS Rule Age not available for Subnodes
31518 [9.2] Regression from V8: Recipient Verification against AD not working with LDAP-SSL
31536 If an Endpoint client with WebControl is behind a UTM it doesn't belong to or is no UTM managed Endpoint at all surfing gets slow
31560 NTP for offline provisioned REDs
31568 Winbind failed to accept socket - Too many open files [9.2]
31578 Avira Scanner can not scan pop3 mail, Error index out of bound [9.2]
31599 coredump of vpn-reporter due to not parsing the username correctly
31608 Websec reporting didn't work correctly after update to v9.201
31671 changing time steps of individual OTP tokens results in authentication failure
31691 Support IP address for SMC-Server
31696 Kernel panic after adding new Access Point
31750 Upload of exe files via waf results in segmentation fault of reverseproxy
31785 netselector does not write server sorted correctly
31792 selfmon too aggressive about ctasd_inbound_mem_usage counter and ctasd_inbound_mem_usage counter
31837 kernel NULL pointer deref at nf_nat_setup_info+0x299/0x61f [nf_nat]
31878 Default exception for chrome updater/installer [9.2]
31889 Reduce exceptions for Firefox Update [9.2]
32010 Packetfilter rules are not visible in webadmin when IE is used and version 9.202 is installed
32067 Workaround for software updates/ downloads via download manager

More @https://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/52975-utm-9-204-soft-release.html

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse

FRITZ!OS: New Firmware 6.05
05/29/2014 09:24 PM

A new FRITZ!OS 06.05 is available for your FRITZ!Box Fon WLAN 7360.
You are currently using FRITZ!OS version 06.04.

For information about the new features included in the new FRITZ!OS, go to:

ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7360_v2/firmware/english/info.txt


New Features
  • Security: removes possibility for unauthorized access to FRITZ!Box. Please check for important information here: http://www.avm.de/en/Sicherheit
  • added Dialplan for New Zealand
  • New with FRITZ!OS 6:
  • Wireless LAN Guest Access new as "private hotspot"
  • Ready for vectoring
  • Parental control with shared budget for multiple devices
  • Improved and expanded push services with automatic email notifications
  • New MyFRITZ! access to answering machine, Smart Home and FRITZ!NAS for mobile devices
  • Smart Home functionality now even more convenient and with more information
  • FRITZ!Fon with media player and much more
  • Easier VPN setup, optimized for iOS tablets and smartphones




Download FRITZ!OS 6.04 at:
ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7360_v2/firmware/english/


IBM Notes and the Heartbleed Bug.
05/22/2014
 
IBM Notes & Domino are not vulnerable to OpenSSL "Heartbleed" bug (CVE-2014-0160)

The Heartbleed Bug
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."

More @heartbleed.com

Abstract
Information is circulating describing a method called "Heartbleed," which exploits a vulnerability caused by a design error in OpenSSL. This technote provides confirmation that IBM Notes and Domino are not susceptible to the Heartbleed attack.

Content
IBM Notes and Domino are not vulnerable to the Heartbleed bug because they do not use OpenSSL as the basis of the SSL stack in the products. Note that this includes both the Domino SSL stack as well as the TLS implementation supported by the IBM HTTP Server in 9.0. Notes Traveler is also not affected.

For more information on the Heartbleed bug, including a Q&A, go to
http://www.heartbleed.com.

Related information
CVE-2014-0160
OpenSSL vulnerabilities do not apply to IHS
A simplified Chinese translation is available

More @ibm.com/support/docview.wss?uid=swg21669782

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse

Update CentOS (Linux) Important SSL Security Vulnerability. Fix OpenSSL version 1.0.1g
04/20/2014 11:54 PM

On Monday, April 7th 2014, an OpenSSL vulnerability was disclosed which has been called one of the worst security holes in recent internet history. The bug, called the Heartbleed bug, was introduced in OpenSSL version 1.0.1. It has been in the wild since March of 2012 and is patched with OpenSSL version 1.0.1g released on April 7th 2014.
OpenSSL Severe Vulnerability in TLS Heartbeat Extension (CVE-2014-0160)

The bug allows any attacker to read the memory of a vulnerable host, which means that any keys that have been used on a host with a vulnerable version of OpenSSL should be considered compromised. Distributions have been updating their packages and pushing out updates, but users need to pull down the most recent packages and revoke any previous keys based on insecure versions.
Important: openssl security update. RHSA-2014:0376-1

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

Read more on the Social Networks. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

We'll show you how to update your systems with a secure version of OpenSSL, revoke any insecure SSL certificates, and test whether you are vulnerable or not.

Checking your Version Numbers
You should check your version of OpenSSL after you have updated your system.

While OpenSSL version 1.0.1g is the official fix for this problem, the version that fixes it may vary between distributions and releases. Some releases and distributions patched their older versions to fix the problem, rather than releasing an entirely new version into an older, stable ecosystem. For this reason, it is best to check through your distribution's packaging system, since the openssl version command might not reflect the information we need.

CentOS and Fedora Releases and Fix Versions:
For CentOS and Fedora systems, you can query the version of the OpenSSL package installed on your system by typing:
rpm -q -a | grep "openssl"

You should receive output that looks like this:
openssl-1.0.1e-16.el6_5.7.x86_64

For CentOS, here are the releases and the minimum versions of OpenSSL that must be applied to protect future SSL interactions. We will take the architecture off the end in our list:
CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
CentOS 6: openssl-1.0.1e-16.el6.5.7
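
A version check along the lines described above, written as an added example that is not part of the original post: it classifies `rpm -q -a` lines by package version-release instead of the `openssl version` string. The function names are hypothetical, the comparison is a simplified form of RPM's version ordering, and the sample lines other than the two that appear on this page are constructed.

```shell
#!/bin/sh
# Added example: classify an openssl RPM for Heartbleed (CVE-2014-0160) from the
# package version-release, because backported fixes keep the upstream "1.0.1e".

# Minimum fixed CentOS 6 build, as listed on this page (architecture removed).
FIXED_EL6_VERSION="1.0.1e"
FIXED_EL6_RELEASE="16.el6_5.7"

# rpm_vercmp A B: print -1, 0 or 1. Simplified form of RPM's segment ordering
# (alternating digit and letter runs); epochs and "~" are not handled.
rpm_vercmp() {
    awk -v a="$1" -v b="$2" '
    function cmp(x, y,    re, sx, sy) {
        while (1) {
            sub(/^[^A-Za-z0-9]+/, "", x); sub(/^[^A-Za-z0-9]+/, "", y)
            if (x == "" || y == "") break
            re = (x ~ /^[0-9]/) ? "^[0-9]+" : "^[A-Za-z]+"
            match(x, re); sx = substr(x, 1, RLENGTH); x = substr(x, RLENGTH + 1)
            # Different segment types: a numeric segment sorts as newer.
            if (!match(y, re)) return (re == "^[0-9]+") ? 1 : -1
            sy = substr(y, 1, RLENGTH); y = substr(y, RLENGTH + 1)
            if (re == "^[0-9]+") {
                sub(/^0+/, "", sx); sub(/^0+/, "", sy)
                if (length(sx) != length(sy))
                    return (length(sx) > length(sy)) ? 1 : -1
            }
            if ((sx "") != (sy "")) return ((sx "") > (sy "")) ? 1 : -1
        }
        if (x == "" && y == "") return 0
        return (x != "") ? 1 : -1
    }
    BEGIN { print cmp(a, b) }'
}

# heartbleed_status NVRA: print unaffected, patched, vulnerable or unknown for
# one line of `rpm -q -a | grep "openssl"` output.
heartbleed_status() (
    nvr=${1%.*}            # strip ".arch"
    release=${nvr##*-}     # text after the last "-"
    nv=${nvr%-*}
    version=${nv##*-}      # text between the last two "-"
    if [ "$(rpm_vercmp "$version" "1.0.1")" -lt 0 ]; then
        echo unaffected    # older than 1.0.1, where the bug was introduced
    elif [ "$(rpm_vercmp "$version" "1.0.1g")" -ge 0 ]; then
        echo patched       # upstream fix version or later
    elif [ "$version" = "$FIXED_EL6_VERSION" ]; then
        case $release in
            *.el6|*.el6_*)
                # Backported fix: only the release field tells the builds apart.
                if [ "$(rpm_vercmp "$release" "$FIXED_EL6_RELEASE")" -ge 0 ]; then
                    echo patched
                else
                    echo vulnerable
                fi ;;
            *) echo unknown ;;
        esac
    else
        echo unknown       # consult the distribution advisory
    fi
)

# scan_packages: read package lines on stdin, print "status<TAB>package".
scan_packages() {
    while IFS= read -r pkg; do
        if [ -n "$pkg" ]; then
            printf '%s\t%s\n' "$(heartbleed_status "$pkg")" "$pkg"
        fi
    done
}

# Sample input: the 16.el6_5.7 and 1.0.1g lines appear on this page, the other
# lines are constructed. On a real host: rpm -q -a | grep "openssl" | scan_packages
scan_packages <<'EOF'
openssl-0.9.8e-27.el5_10.1.x86_64
openssl-1.0.1e-15.el6.x86_64
openssl-1.0.1e-16.el6_5.4.x86_64
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-1.0.1e-16.el6_5.14.x86_64
openssl-1.0.1g-1.1.0.162384817.g6fb2a0a.rb1.i686
EOF
```

A status of unknown means the package is a 1.0.1 build from a distribution this page gives no fixed release for, so its own advisory decides.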

CESA-2014:0376 Important CentOS 6 openssl Update
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

CentOS Errata and Security Advisory 2014:0376 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html

YUM Update:
openssl         x86_64  1.0.1e-16.el6_5.7            
kernel-firmware noarch  2.6.32-431.11.2.el6      

More @digitalocean.com

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse

Heartbleed Security Bug fixes for VMware
04/20/2014 12:58 PM
19 April, 2014.

It seems to be patch Saturday as today a whole bunch of updates of products were released. All of these updates relate to the heartbleed security bug fix. There is no point in listing every single product as I assume you all know the VMware download page by now, but I do want to link the most commonly used for your convenience: Time to update, but before you do… if you are using NFS based storage make sure to read this first before jumping straight to vSphere 5.5 U1a!

More @yellow-bricks.com

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse

Sophos UTM Up2Date 9.201023 package
04/11/2014 12:14 AM
 
We just did the upgrade.

System Version:  Sophos UTM 9.200-11

News:
Official 9.2 GA Release - update from 9.200.  Fix: OpenSSL vulnerability: TLS heartbeat read overrun (CVE-2014-0160)

Bugfixes:
 Fix [28439]: vpn site2site overview is missing ipsec respondOnly connections
 Fix [28953]: Object Changelog PopUp can not be closed in IE9
 Fix [29356]: [BETA] RED50 reconnects all the time
 Fix [29419]: [BETA] Web Policy tester and http.log do not display modifications by local site list
 Fix [29501]: Transparent AD SSO conflicts with WAF (port 80)
 Fix [29748]: [BETA] changing OTP has no effect on WAF
 Fix [29843]: [BETA] Changing AV Scanners cause memory spikes in http proxy
 Fix [30389]: [BETA] http cache fills up partition
 Fix [30441]: [BETA] SPX encryption has higher priority than SMIME or PGP encryption
 Fix [30446]: [BETA] SPX: some characters in mail subject lead to broken subject in pdf
 Fix [30561]: [BETA] Username with \ is seen in sAMAccountName with \\
 Fix [30571]: Add option to disable OTP for Webadmin/SSH from front panel LCD of UTM appliance
 Fix [30637]: [BETA] Handling Filter actions used in multiple policies
 Fix [30701]: [BETA] SPX: labels of original message are not correctly encoded in spx reply
 Fix [30723]: RED 10 stops working while handling large packets
 Fix [30869]: [BETA] DLP: Region selector of "Sophos CCL Rules" doesn't show the first element
 Fix [30898]: OTP: Token may be created for wrong user if remote/local user differ in case
 Fix [30925]: SPX: character sets other than UTF-8 break PDF and portal
 Fix [30934]: Incorrect Certificate used during Transparent HTTPS
 Fix [30940]: Wireless: Some SSIDs are shown as HASH(...) in WebAdmin
 Fix [30945]: ATP Dashboard Link & Reporting Issue (72h not visible)
 Fix [30949]: smtp scanner dies in combination with SPX and regular email encryption
 Fix [30951]: Outgoing mails get quarantined as "UNSCANNABLE" although "Quarantine unscannable and encrypted content" is disabled
 Fix [31368]: CVE-2014-0160: TLS heartbeat read overrun [9.2]

RPM packages contained:
 libaio-0.3.109-0.1.46.1123.g533121f.rb1.i686.rpm  
 libopenssl1_0_0-1.0.1g-1.1.0.162384817.g6fb2a0a.rb1.i686.rpm
 libopenssl1_0_0_httpproxy-1.0.1g-1.1.0.162384817.g6fb2a0a.rb1.i686.rpm
 libsaviglue-9.20-8.gf151022.i686.rpm              
 libudev0-147-0.84.1.1204.gafeab2c.i686.rpm        
 client-openvpn-9.20-6.g8b06b8a.noarch.rpm        
 cm-nextgen-agent-9.20-30.ge5cc2d9.i686.rpm        
 csync2-1.34-16.g6441592.i686.rpm                  
 ddclient-3.8.1-19.gc92ba51.noarch.rpm            
 ipv6-aiccu-20070115-22.g3a8bc92.rb2.i686.rpm      
 ipv6-hurricane-9.20-2.g0ad29e1.i686.rpm          
 irqd-0.7.0-1.0.159644070.g559c8c7.i686.rpm        
 modsecurity2-2.7.3-217.g3aac31f.i686.rpm          
 modurlhardening-9.20-105.gdd9c494.i686.rpm        
 openssl-1.0.1g-1.1.0.162384817.g6fb2a0a.rb1.i686.rpm
 perf-tools-3.8.13.15-111.g2bc35f6.i686.rpm        
 perl-IO-Socket-INET6-2.72-1.0.g8ae5623.rb1.noarch.rpm
 postgresql92-9.2.7-0.158345058.gf297d3f.i686.rpm  
 red-firmware2-3047-0.g0f89c54.noarch.rpm          
 udev-147-0.84.1.1204.gafeab2c.i686.rpm            
 utm-lcd-0.6-0.160585403.gdd50b97.i686.rpm        
 ep-reporting-9.20-50.g5038097.i686.rpm            
 ep-reporting-c-9.20-29.g8fe8de6.i686.rpm          
 ep-reporting-resources-9.20-50.g5038097.i686.rpm  
 ep-aua-9.20-21.geb23e00.i686.rpm                  
 ep-awed-9.20-12.ged755a7.i686.rpm                
 ep-awetools-9.20-0.160496936.g56cf6c5.i686.rpm    
 ep-branding-ASG-afg-9.20-15.g95ad6c2.noarch.rpm  
 ep-branding-ASG-ang-9.20-15.g95ad6c2.noarch.rpm  
 ep-branding-ASG-asg-9.20-15.g95ad6c2.noarch.rpm  
 ep-branding-ASG-atg-9.20-15.g95ad6c2.noarch.rpm  
 ep-branding-ASG-aug-9.20-15.g95ad6c2.noarch.rpm  
 ep-confd-9.20-277.gd2828a7.i686.rpm              
 ep-epsecd-9.20-8.g2b9a152.i686.rpm                
 ep-ha-9.20-10.g23d774e.i686.rpm                  
 ep-ha-daemon-9.20-12.gd43cf6f.i686.rpm            
 ep-hardware-9.20-25.g43085a0.i686.rpm            
 ep-hotspot-web-9.20-3.gbc6c5cb.i686.rpm          
 ep-init-9.20-15.g4ae830a.noarch.rpm              
 ep-ipsctl-0.5-0.160568320.g1b4e2e1.noarch.rpm    
 ep-libs-9.20-54.gafa5533.i686.rpm                
 ep-localization-afg-9.20-10.gced13ea.i686.rpm    
 ep-localization-ang-9.20-10.gced13ea.i686.rpm    
 ep-localization-asg-9.20-10.gced13ea.i686.rpm    
 ep-localization-atg-9.20-10.gced13ea.i686.rpm    
 ep-localization-aug-9.20-10.gced13ea.i686.rpm    
 ep-mail-templates-9.20-6.g280effa.noarch.rpm      
 ep-mdw-9.20-178.g9374392.i686.rpm                
 ep-raidtools-9.20-42.g6ceb7d8.i686.rpm            
 ep-red-9.20-21.gecf46fa.i686.rpm                  
 ep-screenmgr-9.20-0.gfa1fd0b.rb57.i686.rpm        
 ep-spx-auth-9.20-1.g90293a3.i686.rpm              
 ep-webadmin-9.20-349.gc2b1337.i686.rpm            
 ep-webadmin-contentmanager-9.20-27.g773d6f7.i686.rpm
 ep-webadmin-spx-9.20-4.gf5c4d08.i686.rpm          
 ep-wireless-firmware-5020-0.g5078652.i586.rpm    
 ep-chroot-smtp-9.20-107.g1754b76.i686.rpm        
 ep-chroot-pop3-9.20-2.gcfbe315.i686.rpm          
 ep-httpproxy-9.20-79.gbea8874.i686.rpm            
 kernel-smp-3.8.13.15-111.g2bc35f6.i686.rpm        
 kernel-smp64-3.8.13.15-111.g2bc35f6.x86_64.rpm    
 ep-release-9.201-23.noarch.rpm                    

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse

Sophos UTM Firewall Release 9.2
04/04/2014
 
We just did an upgrade to Firmware version: 9.200-11 on VMware ESX.
Release notes: UTM 9.200 Soft-Released (02-26-2014) @astaro.org

Update to 9.200:

Major Features:
• Web: New UI policy model
• Mail: SPX encryption support
• Mail: DLP support
• Network: Botnet/C&C traffic detection and blocking
• Network: Major IPS performance improvements
• Authentication: Dual-factor authentication with OATH TOTP
• WAF: Authentication support

Smaller Features:
• Web: AD SSO in transparent mode
• Web: Warn action
• Web: Transparent HTTPS filtering w/o full SSL scanning
• Web: URL categorization override
• Web: PUA blocking
• Web: Enhanced log search
• Web: Policy tester
• Web/Endpoint: Web Control for SEC-managed endpoints
• Endpoint: Proxy support for LiveConnect
• Wifi: Hotspot: Fully customizable login page
• Wifi: Hotspot: Fully customizable vouchers
• Wifi: Hotspot: New hotspot type with authentication against UTM/Backends
• RED: optional tunnel compression
• RED: RED50: improve LCD output
• RED: RED50: VLAN configuration for switch ports
• WAF: Extended threat filtering
• WAF: Fallback hosts
• WAF: HTTP to HTTPS redirection
• Network: Support more DynDNS providers

From @download.astaro.com/UTM/v9/virtual_appliance/README.txt  (2014-Mar-04 )

Dear customer, thank you for your interest in the Sophos virtual UTM appliance.

We have decided to discontinue providing a dedicated pre-compiled virtual UTM machine for VMware due to the limitations and restrictions this had for our customers who used this virtual machine. No matter how we configure and pre-install that virtual UTM machine, there are always customers who need some kind of customization, and it's difficult to change some of these parameters on an already existing virtual machine afterwards. So we think that it makes more sense for all customers to install the UTM software with their personal configuration on their own instead of using a pre-compiled virtual machine which is difficult to parametrize.

To be clear: the support of Sophos UTM for virtual platforms like VMware ESX, Microsoft HyperV or Citrix XEN has NOT been discontinued. It's just that we no longer provide pre-installed, pre-parametrized VMware machines. You are much more flexible in using our UTM solution by considering the following.

It takes only a few minutes to install your fully self-parametrized UTM in your virtual platform.

Please follow these steps:
- go to the same server where you found this README.TXT, but to the directory /UTM/v9/software_appliance/iso (don't use the files in the directory smart_installer)
- download the ISO file you want to install (e.g. "asg-9.107-33.1.iso")
- create a new virtual machine in your virtualization platform and customize it according to your needs
- if asked for the type of your operating system, select "Linux 64 bit", "SUSE Linux Enterprise 11 64 bit" or similar
- as a rough guideline, we recommend at least: 2 CPUs (cores), 4 GB RAM, 100 GB of disk space, 2 NICs and 1 CDROM. For non-productive environments (evaluation/test machines), you can of course downsize
- it is no problem to add CPUs, RAM or NICs afterwards (even if the UTM was already running). It's not possible to resize the hard disks afterwards.
- for the NICs we recommend using VMXNET3 drivers in VMware, or optionally E1000 drivers. DO NOT USE "FLEXIBLE" NICS - it may lead to severe performance issues.
- mount the downloaded ISO file into the virtual CDROM

Now turn on your virtual machine and boot from the virtual CDROM. The UTM installer will come up. Go through the installer options and screens and make the appropriate selections. When finished, the installation will begin.

THE INSTALLER DETECTS AUTOMATICALLY WHICH TYPE OF VIRTUALIZATION PLATFORM IS USED AND WILL INSTALL THE CORRECT DRIVERS/KERNEL MODULES, LIKE VMWARE TOOLS ETC.

After the installation has finished and the UTM is rebooted, you can access the system by connecting to the Webadmin port 4444 on the NIC and IP you configured during the installation.

Sophos UTM 9.2

Virtual Security is proud to announce Sophos UTM 9.2.

Over the past months the Sophos developers have worked hard to make UTM 9.2 the biggest Sophos release so far. UTM 9.2 has an astonishing number of new features. At the moment UTM 9.2 is available as a beta for everyone who wants to test this new version. As always, this UTM firewall is free for home users. Virtual Security can also arrange a trial license for companies.
Source: @virtualsecurity.nl/nieuws

An overview of the new features:
  • Advanced Threat Protection (APT)
One of the new features of UTM 9.2 is the addition of Advanced Threat Protection (APT). By integrating Sophos UTM with Sophos Labs, the Sophos UTM is aware of botnets active worldwide and their command & control sites. A command and control site is the control server of a botnet. Blocking traffic to such a site shuts down the botnet's communication, so internal servers or clients will not actively take part in it. In addition, the Sophos UTM reports which internal PCs or servers are infected with botnet malware so that further action can be taken to remove it, for example by installing Sophos UTM endpoint on these PCs.
This feature is available in the Network Protection subscription and in the Fullguard of the Sophos UTM.
  • Intrusion Protection System (IPS) Speed
The IPS functionality of the Sophos UTM has been greatly improved after a thorough optimization. This was achieved through general improvements to the IPS system and also by implementing optimizations specific to the UTM hardware. In addition, a "pattern aging system" has been added so that no performance is lost on old IPS rules. This can be configured as desired.
  • One-Time Password (OTP) / Two-Factor Authentication (2FA)
A new system has been implemented to support strong authentication using Google Authenticator. This allows users to log on with strong authentication to, among others, the Webadmin, Userportal and VPN. It is also possible to use tokens that use OATH and TOTP.
  • New user interface for Web Protection
The user interface for Web Protection has been completely renewed. It is even easier to create, assign and change policies. It is now also possible to use policies at user level. It is also possible to use device authentication, so that Sophos Web Protection can be applied even more powerfully.
  • Transparent Mode with Active Directory Single Sign-On Authentication
It is now possible to use Web Protection in transparent mode with Active Directory SSO. No proxy settings are needed on the clients, and this gives the same benefits you would normally have when using AD single sign-on with an explicit proxy.
  • Reverse Authentication (Authentication Offloading) for Web Server Protection
A completely new authentication mechanism has been added to Web Server Protection, which can use basic authentication and form-based authentication. This makes it possible to have users authenticate against it and, if authorized, be forwarded to the relevant server, for example a web server or Microsoft OWA.
  • Live AV Lookups and Sandbox Execution via Sophos Labs (Catchy Name still in the Works!)
When Web Protection is enabled with the Sophos AV engine, there is a new option to use "live cloud checksum lookups from Sophos Labs". Lookups that fail will be scanned by the AV engine. Lookups that are found "clean" will not be scanned locally, which makes AV scanning faster. File checksums that are unknown to the worldwide Sophos Labs network will be submitted as samples, and further analysis will take place by running the files in a sandbox and analyzing their behavior.
  • Fully Transparent HTTPS Filtering
The Sophos UTM can now do URL filtering on HTTPS sites without using the current man-in-the-middle "full" HTTPS scanning engine. Using SNI (Server Name Indication), the URL (or the IP if the URL is not available) is extracted from the HTTPS session and checked against the URL database.
  • SPX One-Way Message Encryption
Sophos UTM 9.2 now supports one-way encryption of email messages to recipients who do not have a trusted encryption system such as the already supported encryption via PGP or S/MIME. A new option in Mail Protection is "SPX Encryption". This is one-way mail encryption based on Secure PDF eXchange (SPX). Users can encrypt outgoing messages, which are then wrapped in an encrypted PDF that the recipient can read if they know the password.
  • Data Leakage Protection (DLP)
A new system for Data Leakage Protection has been added to Mail Protection, which scans emails and attachments for data that must not leave the company. It is possible to filter by category per region with parameters such as credit card, bank account, addresses, telephone numbers and more than 200 other parameters.
Besides the above changes, Sophos UTM 9.2 also has a number of smaller changes. The following items have also been added or improved.
  • Google Application Control
  • Background Active Directory Synchronization Option
  • Enhanced Web Log Searching
  • Fully Customizable Wireless Hotspot Pages 
  • RED Tunnel Compression
  • Web Protection Policy Testing Tool.
  • Authentication Method by Device Type
  • Local Site Reclassification Listing
  • More Detailed HTTP Logging
  • Web Control Integration with Sophos Enterprise Console
  • Potentially Unwanted Application (PUA) Blocking
  • HTTPS End-User Block Pages
  • Multi-domain Active Directory user support
In short, Sophos UTM 9.2 is the solution to replace Microsoft ISA Server or Microsoft TMG.
Source: @virtualsecuritynl.blogspot.nl

More @download.astaro.com/UTM/v9/software_appliance/iso/


The Badkey Team

Crossware Mail Signature for IBM Domino and Microsoft Exchange
04/03/2014 11:54 PM

Crossware’s Mail Signature is a server based application that automatically adds compliant, personalized, good looking email signatures to all outgoing emails. From now on your emails will be 100% consistent with your corporate image. Your signatures may include legal disclaimers, logos, graphics and even advertising banners.

The signatures are tamper proof and fully configurable for any number of staff or groups. The signatures can include the traditional information like Name [first name, last name, and title], Position [job title], Division [business unit], Address [physical and postal], Phone Numbers [office number, mobile number, direct dial and fax] and Email Address. In addition any type of information like disclaimers, logos, marketing text etc. can be added.

Crossware’s Mail Signature Solution doesn’t require design changes to either your IBM Domino address book or any modifications to your Lotus Notes email template, and it is compatible with IBM Domino version 5 and above.

The application works with all the Domino email clients such as: Lotus Notes [Windows/Mac/Linux], Domino Web Access [iNotes] and even Blackberries. In addition, any database used for sending out emails can have a signature appended to the email.
More @ibm.com/partnerworld

Centrally manage your company’s email signatures with Crossware Mail Signature.
Crossware Mail Signature is an email signature product for IBM Domino and Microsoft Exchange which allows you to have complete control of your email signatures. Once you install the software, you can completely customise the design to include logos, advertisements, social media, imagery etc. It is server-based, so your signature will be automatically appended to every email that leaves your organisation, even those sent from mobile devices.

Your company signature will be ‘tamper-proof’, meaning that no one will be able to edit their signature.

Feel free to contact us; in the EMEA region we have a contact for you.
Contact information:
Company CrossWare Ltd. 125 The Strand. Parnell. Auckland New Zealand
Phone: +64 9379 7044. http://www.crossware.co.nz

EMEA Region:  Rob Hollier. London, United Kingdom. Sales Manager
+44 20 3588 2000  
rob@crosswareuk.com

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse

CentOS alert RHSA-2014-0328. Kernel Update.
04/03/2014 08:09 PM
We just upgraded OTAP to Centos 6.5 Kernel 2.6.32-431.11.2.el6.x86_64 x86_64

Details:
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)

* A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system. Note: the default cache settings for CIFS mounts on Red Hat Enterprise Linux 6 prohibit a successful exploitation of this issue. (CVE-2014-0069, Moderate)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

Red Hat would like to thank Nokia Siemens Networks for reporting CVE-2014-0101, and Al Viro for reporting CVE-2014-0069.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

More@redhat.com/errata/RHSA-2014-0328

The Badkey Team.
