Stanford Researchers Find Connecting Metadata With User Names is Simple

One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency’s collection of phone metadata is that the information it’s collecting, such as phone numbers and length of call, can’t be tied to the callers’ names. However, some...

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20131030-asr1000)

Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR contains the following denial of service DoS vulnerabilities : - Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability CVE-2013-5543 - Cisco IOS XE Software Malformed EoGRE Packet Denial of Service...

[OS X Auditor] free Mac OS X computer forensics tool

OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system and third party's startup items the users' agents the user...

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20130410-asr1000)

Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR contains the following denial of service DoS vulnerabilities : - Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability CVE-2013-1164 - Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability...

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers

Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR contains the following denial of service DoS vulnerabilities: Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability Cisco IOS XE...

CVE-2013-1164

Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers ASR does not properly implement the Cisco Multicast Leaf Recycle Elimination MLRE feature, which allows remote attackers to cause a denial of service card reload via fragmented IPv6 multicast packets, aka Bug...

Code injection

Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers ASR does not properly implement the Cisco Multicast Leaf Recycle Elimination MLRE feature, which allows remote attackers to cause a denial of service card reload via fragmented IPv6 multicast packets, aka Bug...

Code injection

Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers ASR, when bridge domain interface BDI is enabled, allows remote attackers to cause a denial of service card reload via packets that are not properly handled during the processing of encapsulation, aka...

Code injection

Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers ASR, when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service card reload by sending many SIP packets, aka Bug ID CSCuc65609...

CVE-2013-2779

CVE-2013-2779 affects Cisco IOS XE on 1000‑series ASR: MLRE flaw that allows remote DoS via fragmented IPv6 MVPN/MVPNv6 packets. Vulnerable in IOS XE 3.4 before 3.4.5S and 3.5–3.7 before 3.7.1S; fix released in 3.4.5S and 3.7.1S/series guidance per advisory. Affected products and specific compone...

CVE-2013-1165

Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers ASR allows remote attackers to cause a denial of service card reload by sending many crafted L2TP packets, aka Bug ID CSCtz23293...

Alliance Issues Guidance for Cloud-Based SIEM Services

The non-profit Cloud Security Alliance today released guidelines for the nascent Security as a Service SecaaS specialization within the broader realm of cloud computing. The goal, the group says, is to help companies and consumers gain a better handle on how best to evaluate, build and deploy...

[SECURITY] Fedora 18 Update: drupal7-feeds-2.0-0.5.alpha6.fc18

Import or aggregate data as nodes, users, taxonomy terms or simple database records...

Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS XR Software Route Processor Denial of Service Vulnerability Advisory ID: cisco-sa-20120530-iosxr Revision 1.0 For Public Release 2012 May 30 16:00 UTC GMT +--------------------------------------------------------------------- Summary =====...

In UK Analytics Software Provides Enhanced (Online) Interrogation For Fraud Suspects

A recent report by the UK’s Serious Organized Crime Agency SOCA shows that the Agency is full speed ahead with plans to use powerful data analytics tools to help find and prosecute everything from money laundering to illegal gambling to 419 scams. The 2011 Annual Report on Suspicious Activity...

Implement security sanitization of RSS feeds and other included content

A great improvement for RSS macros would be to implement "cleansing" or "sanitization" of external RSS feeds. This may be something that is configured at the admin level or in the macro level -- I'd prefer it to be a global admin requirement. Having externally linked content is a security risk, a...

Host Details

This scripts aggregates the OS detection information gathered by several VTs and store it in a structured and unified way. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

AOL Lifestream's Fail Bunny

The thing about the Twitter Fail Whale was that it was just so darned festive looking that you could hardly find it in yourself to be angry at Twitter for crashing yet again. AOL seems to be playing up the “we’re too cute to be mad at” angle big time for Lifestream, a social network aggregation...

Why Cyber Crime ? It's All About Data !!

Cyber crime = crime. How do we make police forces understand this and how to get it prioritized? In this series of blogs I am looking into whether aggregating data can change the way cyber crime is approached and prioritized. At a seminar at the IT Security trade fair in Utrecht detective super...

kernel: mac80211: fix spurious delBA handling

Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service system crash via a Delete Block ACK aka DELBA packet that triggers a certain state change in the absence of an aggregation session...