Thinking About Software Security Holistically

While assessing software systems of all types a few common mistakes regularly come up. These aren’t mistakes that lead directly to vulnerabilities, but mistakes in how some software companies think about security, that can lead to invalid assumptions, and ultimately which can allow real security...

Google/Trimble SketchUp Detection

Google SketchUp or Trimble SketchUp formerly Google SketchUp is installed on the remote host. SketchUp is a 3-D modeling application. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid56712; scriptversion"1.13"; scriptsetattributeattribute:"pluginmodificationdate",...

Google SketchUp v8.x - Memory Corruption Vulnerability

Document Title: =============== Google SketchUp v8.x - Memory Corruption Vulnerability Release Date: ============= 2011-09-12 Vulnerability Laboratory ID VL-ID: ==================================== 99 Product & Service Introduction: =============================== Google SketchUp Pro is 3D modeli...

Google SketchUp v8.x - Memory Corruption Vulnerability

Document Title: =============== Google SketchUp v8.x - Memory Corruption Vulnerability Release Date: ============= 2011-09-12 Vulnerability Laboratory ID VL-ID: ==================================== 99 Product & Service Introduction: =============================== Google SketchUp Pro is 3D modeli...

Microsoft Releases New Versions of Software Security Tools

Microsoft has released new versions of several of its software security tools, including its Threat Modeling Tool and a pair of fuzzers. All of the tools are part of the company’s Security Development Lifecycle program, which it has been sharing with external organizations for a few years now...

Fedora Update for blender FEDORA-2011-8474

Check for the Version of blender OpenVAS Vulnerability Test Fedora Update for blender FEDORA-2011-8474 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 14 Update: blender-2.49b-14.fc14

Blender is the essential software solution you need for 3D, from modeling, animation, rendering and post-production to interactive creation and playba ck. Professionals and novices can easily and inexpensively publish stand-alone, secure, multi-platform content to the web, CD-ROMs, and other medi...

[SECURITY] Fedora 15 Update: blender-2.49b-16.fc15

Blender is the essential software solution you need for 3D, from modeling, animation, rendering and post-production to interactive creation and playba ck. Professionals and novices can easily and inexpensively publish stand-alone, secure, multi-platform content to the web, CD-ROMs, and other medi...

CVE-2011-0792

Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 OWB and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Dimensional Data Modeling...

CVE-2011-0792

Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 OWB and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Dimensional Data Modeling...

Mc.Graw Hill – Hacking Exposed 3rd Edition 2011

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...

SmarterMail 7.1.3876 Directory Traversal Vulnerability

No description provided by source. Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author : sqlhacker – http://cloudscan.me Thanks to : Burp Suite Pro - engagement tool : FuzzDB Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.1 Bug ...

SmarterMail 7.1.3876 Directory Traversal Vulnerability

Exploit for windows platform in category remote exploits ====================================================== SmarterMail 7.1.3876 Directory Traversal Vulnerability ====================================================== Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author :...

[SECURITY] Fedora 12 Update: kdesdk-4.4.3-1.fc12.1

A collection of applications and tools used by developers, including: cervisia: a CVS frontend kate: advanced text editor kbugbuster: a tool to manage the KDE bug report system kcachegrind: a browser for data produced by profiling tools e.g. cachegr ind kompare: diff tool kuiviewer: displays...

Apple Desperately Needs an SDL Program

We’ve been saying this for years but there’s a certain desperation today for an SDL-type program at Apple. The security reality does not match Apple’s marketing/advertising and, as the Pwn2Own exploits show, the company is running around in circles trying to keep hackers at bay. Apple needs to...

Apple Snags former Mozilla Security Chief

Apple has hired former Microsoft and Mozilla security specialist Window Snyder to help secure its Mac ecosystem. Snyder, who last worked as Mozilla’s security chief, confirmed she is joining Apple as senior product manager for security. At Mozilla, Snyder introduced the concept of threat modeling...

Window Snyder

Window occupies an entirely unique place in the security community. Sure, being a woman in the security community is rare enough. But she also commands a lot of respect in this ultra-competitive world, having helped develop Microsoft’s threat modeling process, worked as a security architect at...

Adam Shostack, Microsoft

I first met Adam well before he joined Microsoft and have interviewed and corresponded with him dozens of times over the years, and I’ve learned something new from every one of those conversations. Given that the goal of most interviews is to learn new information, you’d think that would be sort ...

Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

Advisory ID Internal CORE-2009-1209 1. Advisory Information Title: Google SketchUp 'lib3ds' 3DS Importer Memory Corruption Advisory Id: CORE-2009-1209 Advisory URL:www.coresecurity.com/core-labs/advisories/google-sketchup-vulnerability Date published: 2010-01-13 Date of last update: 2010-01-12...

Steve Lipner on the Microsoft SDL and Windows 7 Security

Dennis Fisher talks with Steve Lipner of Microsoft about the Security Development Lifecycle, changes in the threat modeling process and the security of Windows 7. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...