CVE-2009-3441
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarmsevents.php or (2) host/drawtree.php...
CVE-2009-2856
Sun Virtual Desktop Infrastructure (VDI) 3.0 is affected when anonymous binding is enabled. The issue arises because the client's attempt to establish an authenticated and encrypted connection is not properly handled, which might allow remote attackers to read cleartext VDI configuration data req...
Moxie Marlinspike on SSL Attacks
Dennis Fisher talks with researcher Moxie Marlinspike about the innovative research on attacking the inherent weaknesses in the SSL infrastructure that he presented at Black Hat, and the tools he has released to demonstrate the attacks, SSLSniff and SSLStrip.
How Can We Win a Cyberwar?
Cyberwar is no longer an urban legend. From Estonia to Georgia to Israel, cyberwar has become a regular part of geopolitical struggles around the globe, and it promises to become a growing factor in future international conflicts. Even skeptics have to admit that the economics behind cyber warfar...
Short list emerges for cybersecurity czar job
The first reports of the short list for the job of federal cybersecurity coordinator are beginning to trickle out, and while some of the names are all too familiar, many others are quite new to the national scene. The most well-known name on the list, as reported by Reuters, is that of Scott...
Obama cybersecurity plan has a familiar ring
President Obama on Friday presented his long-awaited cybersecurity plan, which included the establishment of a new White House office headed by a cybersecurity “coordinator” who would oversee and advise Obama on this issue. He also proposed hiring a separate official dedicated to privacy and civi...
Private sector relations should be job one for cyber security czar
Whoever is brave enough to fill the soon-to-be-created cybersecurity czar position will find a rather large pile of challenges waiting. Among them will be dealing with a confused and argumentative Congress, doing a full-scale assessment of the country’s critical infrastructure and reaching out to...
Battle brewing over cybersecurity in Washington
There is a good old-fashioned backroom brawl shaping up in Washington over the cybersecurity issue, and the forces are aligning in some interesting ways on a variety of different sides of the debate. The latest installment in this long-running drama involves not just the fight over which, if any,...
Health scares can provide lessons for security
The swine flu outbreak has inspired a flood of comparisons and false analogies to Conficker and other worms, most of which miss the many key differences between the Internet infrastructure and the human population. But there are lessons that security personnel can learn from the ways that health...
Twitter searching for software security personnel
From ZDNet Zero Day: Now that Oprah's all a-twitter, it looks like everyone's favorite micro-blogging tool is finally taking a hard look at security. According to a job listing posted online, Twitter is searching for software engineers to focus specifically on application and infrastructure...
The 5 claims of PCI DSS snake oil salesmen
The Payment Card Industry Data Security Standard (PCI DSS) is fast becoming the de facto standard for securing critical infrastructure across many industries. This is because a large number of businesses, much larger than originally envisioned, process credit cards and are, therefore, required to be...
Critical infrastructure security still lagging
The interdependencies and interconnections of the networks that run the country’s critical infrastructure assets such as water, power and gas have created a dangerously fragile system in which security is just now becoming a priority, experts say. For years the priorities for these networks have...
U.S. Should Play Larger Role in Securing Internet, Hathaway Says
In her much anticipated talk, Melissa Hathaway, acting senior director for cyberspace appointed by President Obama, generally reviewed what we already knew, and what has been previously reported when it comes to federal cyber security: The White House should coordinate IT security efforts; private sector...
HP Storage Essentials Secure NaviCLI Unspecified Remote Privilege Escalation Vulnerability
BUGTRAQ ID: 34613 CVE ID: CVE-2009-0715 CNCVE ID: CNCVE-20090715 HP Storage Essentials is an infrastructure management solution that removes the complexity of server and storage management. HP Storage Essentials running Secure NaviCLI contains a security vulnerability; a remote attacker can exploit it to gain unauthorized access or elevated privileges. No detailed vulnerability information is currently available. HP Storage Essentials SRM Standard 6.0.4 HP Storage Essentials SRM Standard 6.0.3 HP Storage...
Bad outweighs the good in Senate cybersecurity bill
The Senate bill introduced earlier this month that would make sweeping changes to the way that information security is practiced both in the federal government and the private sector has a number of good elements, but the flaws in the proposed legislation outweigh the benefits, writes Steve...
Electrical grid attacks have been ongoing for years
The supposedly new attacks on the electrical grid and other portions of the country’s critical infrastructure that came to light this week are in fact not new at all and have been ongoing for several years. Attackers have been making serious inroads into U.S. government, utility and military...
PT-2009-3785 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.29.1 Description: The issue is related to the "udp seq file infrastructure" in the Linux kernel. It allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and...
PT-2009-3770 · Check Point · Check Point Firewall-1
Name of the Vulnerable Software and Affected Versions: Check Point Firewall-1 PKI Web Service (affected versions not specified) Description: A buffer overflow issue in the PKI Web Service allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long Authorizati...
U.S. falling far behind on cybersecurity
In the next few weeks President Barack Obama will be handed a report detailing the country’s cybersecurity defenses and laying out what’s needed to protect America’s technology resources from hostile nations and organized crime groups. It will not be a pretty picture. Cybersecurity experts, forme...