Taking a Page From Singapore's Cybersecurity Playbook
We could all learn a thing or two about developing an effective cyber security strategy from the government of Singapore. I was recently in Singapore to do a keynote for Singapore GovWare on the Changing State of the Endpoint and, while I was out there, I witnessed something interesting the...
McKesson HCI Hardcoded Passwords
McKesson Horizon Clinical Infrastructure, also known as McKesson HCI, utilizes hardcoded passwords for Oracle database access. HCI serves as the patient record datastore for the majority of McKesson applications. There are two components to an HCI implementation: the Infrastructure or Master serv...
McKesson Horizon Clinical Infrastructure multiple hardcoded accounts
Multiple unchangeable hardcoded accounts...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 23rd February 2010: This update adds references to two KBase articles...
Authentication flaw
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarmsevents.php or (2) host/drawtree.php...
CVE-2009-3441
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarmsevents.php or (2) host/drawtree.php...
CVE-2009-2856
Sun Virtual Desktop Infrastructure (VDI) 3.0 is affected when anonymous binding is enabled. The issue arises because the client’s attempt to establish an authenticated and encrypted connection is not properly handled, which might allow remote attackers to read cleartext VDI configuration‑data req...
Moxie Marlinspike on SSL Attacks
Dennis Fisher talks with researcher Moxie Marlinspike about the innovative research on attacking the inherent weaknesses in the SSL infrastructure that he presented at Black Hat, and the tools he has released to demonstrate the attacks, SSLSniff and SSLStrip. Download Subscribe to the Digital...
How Can We Win a Cyberwar?
Cyberwar is no longer an urban legend. From Estonia to Georgia to Israel, cyberwar has become a regular part of geopolitical struggles around the globe, and it promises to become a growing factor in future international conflicts. Even skeptics have to admit that the economics behind cyber warfar...
Short list emerges for cybersecurity czar job
The first reports of the short list for the job of federal cybersecurity coordinator are beginning to trickle out, and while some of the names are all too familiar, many others are quite new to the national scene. The most well-known name on the list, as reported by Reuters, is that of Scott...
Obama cybersecurity plan has a familiar ring
President Obama on Friday presented his long-awaited cybersecurity plan, which included the establishment of a new White House office headed by a cybersecurity “coordinator” who would oversee and advise Obama on this issue. He also proposed hiring a separate official dedicated to privacy and civi...
Private sector relations should be job one for cyber security czar
Whoever is brave enough to fill the soon-to-be-created cybersecurity czar position will find a rather large pile of challenges waiting. Among them will be dealing with a confused and argumentative Congress, doing a full-scale assessment of the country’s critical infrastructure and reaching out to...
Battle brewing over cybersecurity in Washington
There is a good old-fashioned backroom brawl shaping up in Washington over the cybersecurity issue, and the forces are aligning in some interesting ways on a variety of different sides of the debate. The latest installment in this long-running drama involves not just the fight over which, if any,...
Health scares can provide lessons for security
The swine flu outbreak has inspired a flood of comparisons and false analogies to Conficker and other worms, most of which miss the many key differences between the Internet infrastructure and the human population. But there are lessons that security personnel can learn from the ways that health...
Twitter searching for software security personnel
From ZDNet Zero Day: Now that Oprah’s all a twitter, it looks like everyone’s favorite micro-blogging tool is finally taking a hard look at security. According to a job listing posted online, Twitter is searching for software engineers to focus specifically on application and infrastructure...
The 5 claims of PCI DSS snake oil salesmen
The Payment Card Industry Data Security Standard (PCI DSS) is fast becoming the de facto standard for securing critical infrastructure across many industries. This is because a large number of businesses, much larger than originally envisioned, process credit cards and are, therefore, required to be...
Critical infrastructure security still lagging
The interdependencies and interconnections of the networks that run the country’s critical infrastructure assets such as water, power and gas have created a dangerously fragile system in which security is just now becoming a priority, experts say. For years the priorities for these networks have...
U.S. Should Play Larger Role in Securing Internet, Hathaway Says
In her much anticipated talk, acting senior director for cyberspace by President Obama, Melissa Hathaway generally reviewed what we already knew, and what has been previously reported when it comes to federal cyber security: The White House should coordinate IT security efforts; private sector...
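HP Storage Essentials Secure NaviCLI Unspecified Remote Privilege Escalation Vulnerability
BUGTRAQ ID: 34613 CVE ID: CVE-2009-0715 CNCVE ID: CNCVE-20090715 HP Storage Essentials is an infrastructure management solution that removes the complexity of server and storage management. A security vulnerability exists when HP Storage Essentials runs Secure NaviCLI; remote attackers can exploit it to gain unauthorized access or elevated privileges. No detailed vulnerability information is currently available. HP Storage Essentials SRM Standard 6.0.4 HP Storage Essentials SRM Standard 6.0.3 HP Storage...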