What is SCAP? Post Source: www.hellsparty.net Posted: Nov 19 2008 14:42:00
The ISAP (Information Security Automation Program) is an initiative among several agencies of the American government, NIST (National Institute of Standards and Technology), OSD (Operational Services Division), DHS (Department of Homeland Security), NSA (National Security Agency) and DISA (Defense Information Systems Agency), matured in 2007, that aims to define ......
Comments on SCAP 2008 Post Source: feeds.feedburner.com Posted: Sep 25 2008 02:26:54
I just got back from the SCAP 2008 conference at NIST HQ, and this is a collection of my thoughts in a somewhat random order.
Presentation slides are available at the NVD website.
I blogged about SCAP a year ago and started pushing it in conversations with security managers that I came across. Really, if you're managing security of anything and you don't know what SCAP is, you ......
Ryan Naraine reported over at ZDNet Zero Day on a new iPhone vulnerability which lets anyone have full access to the majority of iPhone functionality despite your clever 4-digit passcode lock.
As mentioned by gre enmymac8 221 and covered by The Register, full access to contacts, and hence browser, email, SMS, is as simple as a press of the emergency call......
Apple released Security Update 200805, which contains fixes for:
an Open Scripting Architecture (CVE-2008-2830) privilege elevation issue (10.4/10.5 workstation, server)
a filename handling issue in CarbonCore (CVE-2008-2320) which may lead to an application denial of service (DoS) or arbitrary code execution (10.4/10.5 workstation, server)
a webexploi......
By Dave Kennedy
Implementations of the Domain Name Servers (DNS) protocol may leave systems vulnerable to DNS cache poisoning attacks. Last week many incident response teams, along with software and hardware vendors, issued security bulletins and patches to reduce this risk. Cache poisoning attacks are almost as old as the DNS system itself. Enterprises already protect and monitor ......
Hackers are a skeptical bunch, but that doesn't bother Dan Kaminsky, who got a lot of flak from his colleagues in the security research community after claiming to have discovered a critical bug in the Internet's infrastructure. Kaminsky on Tuesday announced a major flaw in the DNS (Domain Name System) used to connect computers to each other on the Internet. In late March h......
Last week the rest of my family moved from Yalta, Ukraine to Washington, D.C., USA, bringing with them their cat. Ukraine is known for various corrupt activities, including pirating games and replacing everything with mods to make it look like a Ukrainian game. This is often done very poorly, and sometimes the pirated game DVDs contain crapware and possibly malware. In discussion with my brother ......
Apple has reversed course and patched a bug in its Safari browser after security researchers showed how it could be used to run unauthorized software on a Windows machine. The carpet bomb bug, which was originally discovered by security researcher Nitesh Dhanjani, was initially thought to be less serious than it turned out to be. See related stories: Apple......
Col. Charles W. Williamson III, in his post "Carpet bombing in cyberspace: Why America needs a military botnet", ran into trouble with the security community when he stated: America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and......
Post from www.1800pocketpc.com
We don't usually find a lot of security vulnerabilities on mobile devices when compared to the desktop cousin, but once in a while a few of them do surface.
A security vulnerability for Windows CE posted in the US-CERT Cyber Security Bulletin.
Multiple unspecified vulnerabilities in the JPEG GDI and GIF image processing in Microsoft Windows CE 5.0 a......
By now you likely have heard about the Debian OpenSSL vulnerability found by Luciano Bello. It was originally announced on May 13th. What occurred is that code was removed because it caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in code that was linked to OpenSSL. This change caused only the current process ID to be used for the initial see.....
NVD has published a chart showing the number of vulnerabilities discovered in the various operating systems during the first four months of 2008.
Bad news for Steve Jobs and Mac users; good old Paperino, on the other hand, will be pleased.
The operating systems, from the left, are:
Microsoft Windows Vista
Microsoft Windows XP SP2
Red Hat Enterprise Linux Desktop v. 5 client
Red Hat Enterprise L......
A new serious vulnerability notice was announced yesterday. Core Security announced a DoS (denial-of-service) vulnerability in the Wonderware SuiteLink software suite. This vulnerability allows hackers to remotely cause the software to terminate. SuiteLink is a SCADA (supervisory control and data acquisition) software that controls the process automation in major facilities......
Jeff Jones. This paper is a compilation of vulnerability data for client operating systems for the first 3 months (January through March) of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista, Microsoft Windows XP SP2, Red Hat Enterprise Linux Desktop v. 5 client, Red Hat Enterprise Linux WS v. 4, Ubuntu 6.06 LTS desktop, Apple Mac OS X 10.......
...before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a character in a search string.......
Elastic Path is a popular Java e-commerce platform for building online stores and shopping carts. Elastic Path consists of both a shopping front end, where customers can browse and choose the products, and a managing backend for administration purposes.
Users of the administrative interface can be granted different levels of access. Research revealed that users with upload/download privileges cou.....
Good article in the 02/18/08 issue of Government Computer News on implementing the Federal Desktop Core Configuration (FDCC). This all reminds me of my times working on the NASA ODIN program and the standard Windows 2000/XP images my team built for some five NASA centers. Even though the centers were all supposed to use the same software, that didn't happen and we ended up creating ......
A series of remotely triggerable buffer overflows makes it very dangerous to use a yaSSL that has not been updated. There is an alert from the National Vulnerability Database on the matter. ......
Feeds and posts are not affiliated with ://URLFAN. They are displayed here simply for informational purposes; if you would like to remove your feed, please contact us.