According to good friend Robert McMillan of IDG News, Sebastian Muniz, a researcher with Core Security Technologies, has developed malicious rootkit software for Cisco's routers, which he will release on May 22 at the EuSecWest conference in London. This will
So, for those who haven't heard, a Debian packager modified the source used for OpenSSL on Debian-based systems (Debian and the whole of the Ubuntu family) to remove the seed used for the PRNG (Pseudo Random Number Generator) used when
Notable headlines: Larry Dignan: Comcast buys Plaxo: Will social networking and TV fly? Dennis Howlett: Comcast scoops up Plaxo: good move Dan Farber: Comcast goes social with Plaxo acquisition Techmeme EIC podcast: HP-EDS; Google; SaaS Adrian...
Nitesh Dhanjani released information about some of his newest research on the Safari web browser this morning, and interestingly enough, Apple has decided NOT to fix some of the issues he presented. Dhanjani reported three issues, as follows below from
Jeff Jones, director of security strategy for Microsoft, has published two papers this week which look at OS vulnerabilities. According to Jones, Windows sees fewer patches than any of the other operating systems looked at. If you're in the mood
Irony at its best. It appears that Redmond - The Independent Voice of the Microsoft IT Community, formerly known as Microsoft Certified Professional Magazine, is currently flagged as a badware site, and third-party exploit detection tools are also detecting internal
As I mentioned in the post, Virtualization and security, quite a number of suppliers focused on security in virtualized environments have come forward to speak with me in the past month. Stonesoft is one of those companies. Mark Boltz, Senior
Writing today in the latest issue of Nodalities Magazine, Garlik CEO Tom Ilube tackles the increasingly fraught subject of Identity Theft before moving past it to consider notions of 'social verification.' Tom's company, Garlik, offers a product called DataPatrol that
Notable headlines: Mary Jo Foley: It's finally official: XP is coming to the XO. Christopher Dawson: Sugar-free Windows, as predicted Microsoft cuts backup from Windows Home Server PowerPack Larry Dignan: Icahn launches Yahoo proxy fight; Mark Cuban's return?...
1st Privacy Tool is a security utility that allows you to restrict access to important Windows resources. This utility helps you to keep your computer in order. It enables you to impose a variety of access restrictions to protect your
LinuxSecurity.com: Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client. An integer underflow vulnerability allowed attackers to cause a denial of service (crash) and possibly execute arbitrary code with the privileges of the logged-in user (CVE-2008-1801).
LinuxSecurity.com: Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis
Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error within the Certificate Trust List (CTL) Provider service can be exploited to consume
Some vulnerabilities and security issues have been reported in Symantec Altiris Deployment Solution, which can be exploited by malicious, local users to gain escalated privileges or manipulate certain data, and by malicious people to disclose sensitive information, conduct SQL injection
Debian has issued an update for gforge. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
t0pP8uZz has reported a security issue in Interspire ActiveKB, which can be exploited by malicious people to bypass certain security restrictions. The problem is that the application allows access to the admin interface by checking if a certain cookie exists.
A security issue has been reported in GForge, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused by temporary files being handled in an insecure manner. This can
HaCkeR_EgY has reported a vulnerability in 68 Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "cat" parameter in category.php is not properly sanitised before being used in SQL queries. This can
Saime has discovered a vulnerability in the BLOG Engine plugin for e107, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "rid" parameter in comment.php is not properly sanitised before being used in
U238 has reported some vulnerabilities in W1L3D4 Philboard, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "forumid" parameter in admin/philboard_admin-forumedit.asp, admin/philboard_admin-forum.asp, and W1L3D4_foruma_yeni_konu_ac.asp, the "id" parameter in W1L3D4_konuoku.asp and W1L3D4_konuya_mesaj_yaz.asp, and the