Do you suspect that your network has a security hole or is vulnerable to an attack by an outside computer user? If so, then you are in good company with thousands of other computer users.
With any type of network, there is no obvious way of assuring that it is 100% secure. However, [...]
On April 09, 2008 AirTight® Networks, providers of wireless-intrusion-prevention software, released findings from its second study of wireless security vulnerabilities at airports all over the world. The main objective of the two studies is to assess the adoption of security best practices for airport WiFi networks and to examine the information security risk exposure [...]
Multiple vulnerabilities have been discovered in Cisco ASA and PIX devices running version 7.x and 8.x software. Cisco has released free software updates to address the vulnerabilities. Installing the updates will require after-hours work and device reboots.
For more information about individual vulnerabilities, refer to the following link:
-sa-20080604-asa.shtml
I recently shared a brief life biography at my workplace as part of a team building and employee engagement emphasis at our monthly staff meeting. I was a bit apprehensive at the idea at first but once I prepared for it and wrapped my life into a few minutes of stories and presentation of [...]
- Euro: Headed Back to 1.60?
- Can the British Pound Hold Onto its Gains?
The Vulnerabilities of the US Dollar
The US dollar weakened significantly this past week as rising oil prices revealed the...
More at: http://moneymakinglounge.blogspot.com
Money Services Businesses (MSBs) provide important services to a large segment of our society. According to FinCEN, MSBs refer to five distinct types of financial services providers: currency exchangers; check cashers; issuers, sellers, or redeemers of traveler’s checks, money orders or stored value; the United States Postal Service; and money transmitters. MSB customers mostly consist of th
Shoaib just blogged on "Hacking & Security Community - Ethical or Unethical?". To start with: I do not claim that I know all about ethics and that there is only one view on ethics, but I have a clear view on certain things.
I blogged on this theme several times already and made my points pretty clear:
Vulnerability Auction
Selling Vulnerabilities?
WabiSabiLabi and their view on ethics
When
India, along with nations across the globe, ranks high in internet vulnerabilities through various media, the most common being malicious code, phishing and unauthorized scanning. The recent trend is that hackers are now turning to websites and servers, away from their previous choice of emails, cheap apps, etc.
Recently India’s premier technology institute IIT’s website has been hacked (source), although this is [...]
Judging strictly by the sheer volume of vulnerabilities Mozilla Firefox was the most insecure browser in 2007, according to Symantec. Firefox had a total of 122 security holes, more than any other rival browser. Symantec credited the efforts poured into securing Internet Explorer 7 for IE managing to be situated under Firefox in terms [...]
As expected, yesterday Microsoft rolled out five "critical" and three "important" patches for Windows Server 2008, Vista, Office, Internet Explorer and other software as part of its regularly scheduled Patch Tuesday release. The eight-patch rollout is significant in that Redmond has now released 25 fixes in the first four months of 2008 -- a pace well on track to exceed 2007's 69 security
Windows Vista SP1 has yet to reach the end of the first month since Microsoft made it available to the general public and the company is already hammering away at the service pack in an attempt to plug critical security holes. On April 8, 2008, Microsoft released a total of eight security bulletins for [...]
Microsoft today issued software updates to plug at least 10 security holes in its Windows operating systems and other software. More than half of the vulnerabilities fixed by these patches earned the company’s most dire “critical” rating, and several of them are located in areas of Windows that attackers have shown an affinity [...]
The third and final service pack for Windows XP is not even out the door, and security company Symantec has already warned of a security vulnerability impacting XP SP3. With the advent of Windows Vista, Microsoft has started beating the drum of the increased security of its latest Windows client in comparison to XP SP2. Throughout 2007, the Redmond company has offered ample proof of the fact that Vista RTM was affected by less than half the volume of vulnerabilities in contrast to XP RTM. This trend seems to continue with Vista Service Pack 1 and XP SP3. The proof of concept of a new bug impacting Windows Explorer is now available in the wild, with potential exploits affecting XP SP3.
"The bug affects the code that parses Word documents in order to extract and display summary information (fo
It was unbelievably shocking to see the vulnerability database and so many of them. Ignorance is bliss until something bad happens to someone. Follow the link below to see the database of vulnerabilities and related equipment. Yours might be there. At VoIPshield, you can also download a copy of VoIPauditLite. VoIPauditLite™ is a basic version of the award-winning VoIPaudit™ Enterprise. It provides the same vulnerability assessment and penetration testing functions, and is intended to give the prospective VoIPaudit Enterprise purchaser a no-cost introduction to the product. VoIPauditLite is a single-user license, includes vulnerabilities for a single vendor, and scans up to 128 targets on a single network.
Ottawa, Ontario (April 2, 2008) – VoIPshield Laboratories, the research divisi
At first blush, Microsoft hounds might want to pounce on Apple's release of over 80 vulnerability fixes this week. But before anyone bears that red M tattooed on their chest, you should take another look at Apple's updates.[How's this for a loaded article title? Interesting how updates became vulnerabilities - Scott]
Google Tech Talks
November 12, 2007
ABSTRACT
This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce. In this talk, I will review how attacks such as XSRF (Cross-Site Request Forgery) and SQL Injection work, and how to properly defend against them. Then, I will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security. Finally, I will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you can learn more.
Speaker: Neil Daswani
Neil has serv
Microsoft's Patch Tuesday (via 24hoursnews) came a day late after a U.S. Computer Emergency Readiness Team advisory warned that a targeted Trojan attack may exploit one of Office Excel's known vulnerabilities.
Altogether, the vulnerabilities can be found in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Office Excel 2002, Office Excel 2000 and Excel 2004 for Mac.
By David Chartier
Thanks to Parallels and VMware, Mac users have powerful virtualization tools for running operating systems in addition to the one Apple installs on the factory floor. Since Windows is one of the most popular virtualized OSes on Apple’s computers, security giant Norton felt it was time to try a new two-punch strategy on [...]
Mac versus Windows vulnerability stats for 2007 by ZDNet's George Ou — The year 2007 has been an interesting year that brought us improved security with Windows Vista and Mac OS X Leopard (10.5). But to get some perspective on how many publicly known holes were found in these two operating systems, I've compiled all the security flaws in Mac OS X and Windows XP and Vista and […]
Apple has patched 243 vulnerabilities for the year. Microsoft patched 34 for Windows XP and 20 for Windows Vista. I think this is quite interesting and seems to be ignored by Apple Fanboys.
Kevin Beaver, CISSP, 09.18.2007
The hex editor is a long-time favorite investigative tool for forensics professionals. But the capabilities of the tool go beyond piecing together bits and bytes to prove a case. Used in the right context, a hex editor can actually uncover Microsoft Windows and application vulnerabilities that you may not have thought about, yet can't afford to overlook. In fact, the hex editor is one of the most underrated and overlooked security testing tools.
Here are just a few of the things you can do with a hex editor to root out security weaknesses in your Windows environment: Check for passwords that may still be saved in Windows, Internet Explorer (IE) and other applications. Passwords left in memory can pose a risk and this technique demonstrates just how vulnerable logins and other pr
Remember this post OEMs: Join in to "Secure by Default"? I wrote it in June…
Now, HP just confirmed a vulnerability in their software delivered on 82 laptop models on all the different Windows versions: HP Quick Launch Buttons Critical Security Update
What about the Security Development Lifecycle for third-party applications? There is a reason why I always flatten OEM PCs and just install what I need…
Roger
Sipera VIPER Lab determined the Top 5 VoIP Vulnerabilities for 2007 were:
1) Remote eavesdropping of VoIP phone calls, a practice that is exponentially easier in VoIP than with traditional PSTN telephone networks, and which represents a major breach of enterprise communications and security.
2) VoIP Hopping, one of the enablers of remote eavesdropping, but more critically compromises VLANs, that were previously trusted as providing VoIP security, by enabling a PC to mimic an IP phone so hackers can access VoIP systems.
3) Vishing, the practice of VoIP phishing, which enables hackers to spoof caller ID and present a fraudulent phone identity, causing some consumers to share sensitive, personal information, such as credit card numbers, with hackers masquerading as banking representatives.
4) Toll fraud, which allows unauthorized users to access enterprise VoIP networks and make calls, increasing VoIP costs and traffic. While there was a much publicized case in 2006, when the FBI charged two
Ingraham Highlights Region's Vulnerabilities:
By Tameka Lundy -
Nassau, Bahamas:
Against the backdrop of an environment that is under heavy threat from the effects of climate change, Prime Minister Hubert Ingraham has appealed for clear and urgent action.
He made the call at a plenary dinner of the Caribbean-Central American Action Conference in Miami, Florida that was underway at the same time that international figures were meeting in Bali, Indonesia on the global threat of climate change.
Mr. Ingraham said with stepped up global integration comes increased risk of transmission of threats across boundaries.
"For the small states in the region, it is not possible to overestimate the threat that environmental degradation poses for their sustainability, indeed their survival," he said.
"Climate change has the potential to undermine the most vibrant, and for many, the largest economic sector in the region - that is tourism.
"Tourism is for many of the small island states the p
Mozilla has released Firefox 2.0.0.10, an update that fixes three security vulnerabilities rated as high.
The first of the bugs may allow a cross-site scripting (XSS) attack due to an error in handling JavaScript-initiated changes to window contents (window.location). Another fixes the well-publicized jar: protocol flaw that could also allow cross-site scripting attacks. Mozilla has tightened the conditions for loading jar: protocol URIs:
Support for the jar: URI scheme has been restricted to files served with a Content-Type header of application/java-archive or application/x-jar. Web applications that require signed pages must make sure their .jar archives are served with this Content-Type. Sites that allow users to upload binary files should make sure they do not allow these files to have one of these two MIME types.
In McAfee's predictions for 2008, McAfee Avert Labs Top 10 Threat Predictions for 2008 has valuable information regarding overall security. Two of them relate to our industry and I have listed them here. We have written about security many times, like things discovered at Blackhat 2007, and have published information about security webinars. Keeping up with the tradition, here is the information provided by McAfee, something to ask yourselves about.
9. VoIP Attacks Speak Up
VoIP attacks should increase by 50 percent in 2008. More than twice the number of VoIP-related vulnerabilities were reported in 2007 versus the previous year—several high-profile "vishing" attacks, and a criminal phreaking (or fraud) conviction—so it's clear that VoIP threats have arrived and there's no sign of a slowdown. Although ABI Research estimates 1.2 billion VoIP users by 2012 (with $150 billion annual service revenues), the technology is still new to many and implementing defense strategies i
Adobe is offering a software update to fix a security flaw in its Adobe Acrobat and Adobe Reader products — the latter being free software that many people use to view PDF documents. The update, which brings the latest versions of both Adobe Reader and Acrobat to versions 8.1.1, fixes a vulnerability that [...]
Wireless Vulnerabilities and Exploits (WVE) is a public registry of all wireless vulnerabilities. This initiative is sponsored by CWNP, an independent company that provides wireless training, and by the Center for Advanced Defense Studies in Washington. The initiative will be managed by an editorial board made up of experts from academia, government and
PUBLISHER'S DESCRIPTION:
The Secunia Personal Software Inspector BETA works by examining files on your computer (primarily .exe, .dll, and .ocx files). These files contain non-specific meta information provided by the software vendor only. This data...
Charlie Miller found a vulnerability in the Apple iPhone that could have allowed a malicious Website to break into the phone and capture personal information. The flaw has since been fixed, and Mr. Miller described the dealings he had with Apple and the ethical quandaries associated with these vulnerabilities in an interview with Dean Takahashi at the TechTalk Blog
Apple released a bevy of patches for the Macintosh operating system, as well as its first patch for the iPhone late Tuesday. Almost fifty separate vulnerabilities have been fixed as a result.
Windows and Mac computer users must patch their systems, as Microsoft releases July 2007 security bulletins.
Antivirus vendor Sophos has advised computer users to install a number of new critical security patches from Microsoft. As part of its monthly "Patch Tuesday" schedule Microsoft has issued six new bulletins (three of them labeled "critical") about 11 security vulnerabilities in its software. Vulnerabilities described in the critical security bulletins include security issues with Microsoft Excel (in both Windows and Apple Mac versions), Windows Active Directory and the .Net Framework. The remaining bulletins address issues in Windows Vista's Firewall, Microsoft Office Publisher 2007 and IIS 5.1 on Windows XP Service Pack 2. Some of the flaws in Microsoft's code could allow remote code execution, enabling a hacker to access data on a vulnerable PC or run malicious code such as a worm.
Read more about the security patches now, and protect your computers
Graham Cluley, senior technolog
Adobe this week fixed critical vulnerabilities within its Flash Player that could allow an attacker to take control of an affected system. According to a company advisory, all current versions of Flash 9, 8 and 7 are affected by the problem, which relates to not validating certain input.
As part of its Patch Tuesday updates this week, Microsoft corrected 10 vulnerabilities in Windows and Office, 7 of which were deemed "critical." Three critical flaws were fixed in Excel that could allow for remote code execution, while one was fixed in Windows 2000 and Server 2003.
To no one’s surprise, hackers have been hard at work on the iPhone since day one, and it looks like they’re already turning up a few vulnerabilities. As The Register reports, the folks at Errata Security seem to have been the most successful to date, finding not one, but two “bugs” with the phone. Read on…
Via: Engadget.com
F-Secure and Authentium patch holes, while Samba flaws worry Apple users.
Users of Mac OS X, used to a cosy sense of security, have been warned of possible penetration vectors thanks to a slew of flaws unveiled in the Samba networking system used to connect Macs to Windows systems. An alert issued by Symantec's DeepSight threat team warned Mac users that even if their systems report being fully patched, fixes for the latest batch of vulnerabilities in Samba, reported in early May, are unlikely to be in place, as Apple has apparently not released updates to the system since 2005. While a default installation of Mac OS X includes Samba version 3.0.10, version 3.0.25 is needed to be safe from the latest flaws. Details of the Samba buffer-overflow issues are here, and patches can be downloaded here.
F-Secure meanwhile joins a growing roster of AV firms rocked by security flaws in their products in recent months, with four separate vulnerabilities in their products reported in the last
Over the past few weeks there have been some vulnerabilities that have surfaced for WordPress 2.1.* releases. The first link is an SQL injection attack on a weakness in xmlrpc.php. A prerequisite is that you must be a user on the target WordPress blog. The second link describes a blind SQL injection attack on admin-ajax.php. The third link is the advisory for the admin-ajax.php exploit. The fourth
Technical Description
Multiple vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of an affected system. The first issue is caused by a memory corruption error when instantiating the "chtskdic.dll" COM object as an ActiveX control, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. The second vulnerability is caused by a memory corruption error when accessing a previously deleted object, which could be exploited by malicious web sites to compromise a vulnerable system. The third issue is caused by a memory corruption error when calling the property method, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. The fourth vulnerability is caused by memory corruption errors when accessing uninitialized memory, which could be exploited by malicious
Technical Description
Twenty-five vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, disclose sensitive information, or bypass security restrictions. The first issue is caused by an error in the AFP Client that executes commands without properly cleaning the environment, which could be exploited by local attackers to create malicious files or execute arbitrary commands with system privileges. The second vulnerability is caused by a buffer overflow error in the AirPortDriver module when processing malformed control commands, which could be exploited by malicious users to execute arbitrary code with elevated privileges on eMac, iBook, iMac, PowerBook G3, PowerBook G4, or Power Mac G4 systems equipped with an original AirPort card. The third issue is caused by an error in the CoreServices interprocess communication, which could allow a local user to obtain a send right to the M
McAfee, Inc., announced that it provides coverage for the security vulnerabilities disclosed by Microsoft Corporation today. This out-of-cycle patch contains seven security vulnerabilities, five of which were not previously disclosed (www.huliq.com). These vulnerabilities have been reviewed by McAfee Avert Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory. "Today Microsoft issued a rare out-of-cycle patch to fix vulnerabilities in GDI," said Dave Marcus, security research and communications manager, McAfee Avert Labs. "McAfee Avert Labs is always concerned when Microsoft releases an out-of-cycle patch. We urge our customers and the computing public to take this release seriously, as there has already been active exploitation of at least on
The man who wrote the book on Microsoft’s highly rated SDL (Security Development Lifecycle) believes buffer-related security vulnerabilities found in Windows Vista should be downgraded because of back-up mitigations built into the operating system.