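Check Point Endpoint Security Full Disk Encryption RDP Connection Denial-of-Service Vulnerability
Bugtraq ID: 36315 Check Point Endpoint Security Full Disk Encryption is a full-featured hard disk encryption management product. Check Point Endpoint Security Full Disk Encryption does not correctly handle multiple simultaneous RDP connections; submitting the following test method can cause the server to blue-screen: for /L %i in 1,1,20 do mstsc /v:127.0.0.%i Check Point Software Endpoint Security Full Disk Encryption No detailed solution is currently available:...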
New WiFi Attack Cracks WPA–Again
A pair of Japanese researchers have developed an improvement on an existing technique for attacking wireless LAN traffic that enables them to intercept and decrypt encrypted packets in about a minute, significantly lowering the barrier to entry for attackers looking to listen in on supposedly...
CVE-2009-2602
R2 Newsletter Lite, Pro, and Stats suffer an improper access control vulnerability that stores sensitive data under the web root, allowing remote attackers to directly download the admin.mdb database file. The issue is documented in CVE-2009-2602 with a base CVSS v2 score of 5.0 (Medium), attack ...
openSUSE Security Update : seamonkey (seamonkey-380)
The Mozilla SeaMonkey browser suite was updated to version 1.1.14. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...
New attack produces quicker SHA-1 collisions
From The H Security Australian researchers have described a new and faster way of provoking collisions of the SHA-1 hash algorithm. With their method, a collision can be found using only 2^52 attempts. This makes practical attacks feasible and could have an impact on the medium-term use of the...
Microsoft Internet Explorer 6 - JavaScript: URI in Refresh Header Cross-Site Scripting
Microsoft Internet Explorer 6 - JavaScript: URI in Refresh Header Cross-Site Scripting source: https://www.securityfocus.com/bid/35570/info Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can explo...
The Berkeley breach: Is SaaS the answer?
One recent Friday afternoon I took time off to visit two new health providers: a new dentist nearer my home and an orthopedic to look at my lateral epicondylitis. In both cases, as a new patient, I filled in page after page of medical history and personal information, including my Social Security...
Cybercriminals in the cloud
From Forbes Charlotte Dunlap Security breaches continue to plague organizations, causing CIOs to question whether their traditional network security solutions are adequate for protecting against increasingly sophisticated cybercriminals. Recently, it was reported that foreign hackers broke into t...
Crack Windows encryption protection: EFS decryption through-vulnerability warning-the black bar safety net
EFS (Encrypting File System) encryption is an encryption technology based on NTFS disks. EFS encryption is based on public key policies. When EFS is used to encrypt a file or folder, the system first generates an FEK (File Encryption Key, file...
Study: Businesses still don't recognize insider threat
From DarkReading Tim Wilson Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves from insider threats, according to two new analyst reports. Although 88 percent of the respondents to a Forrester Research study said th...
Can MashSSL solve the mash-up security problem?
A startup out of the University of Texas today released a new open protocol and related technology that addresses the inherent security risks to Web 2.0-type application mashups, according to a new report. SafeMashups’ new technology lets applications authenticate with one another...
After data breach, Visa removes Heartland from PCI list
Credit card giant Visa has taken Heartland Payment Systems and RBS WorldPay off its list of service providers that are compliant with the PCI Data Security Standard. In a statement released Friday, Visa said it was removing the payment processors based on “compromise event findings.” RBS WorldPay...
CVE-2009-0368
OpenSC (the OpenSC package) is affected by CVE-2009-0368. The vulnerability allows private data objects on smartcards initialized with OpenSC to be read without authentication, demonstrated via a low-level APDU command or via debugging tools (e.g., reading specific files with opensc-explorer/open...
CVE-2008-6375
CVE-2008-6375 affects JBook, where sensitive data is stored under the web root with insufficient access control. The vulnerability allows remote attackers to directly download the database file (userids.mdb), exposing partial confidentiality as per the CVSS metrics (base score 5.0, MEDIUM). The s...
Privacy problems in the cloud
With the economy cratering, staffs and budgets being cut and resources scarce, cloud computing has quickly become the prettiest girl at the prom. IT managers love its convenience and power and accounting departments are quite fond of its cost efficiencies. But what of security and privacy? Where ...
Update Protections against Recent Malware Threats (19-Feb-09)
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like viruses, worms, adware, Trojans, and spyware that exploit unprotected clients, using network...
Mozilla Foundation Security Advisory 2009-06
Mozilla Foundation Security Advisory 2009-06 Title: Directives to not cache pages ignored Impact: Low Announced: February 3, 2009 Reporter: Paul Nel Products: Firefox Fixed in: Firefox 3.0.6 Description Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store...
CVE-2008-6057
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request...
CVE-2008-6054
CVE-2008-6054 affects PreProjects Pre Courier and Cargo Business, which stores dbcourior.mdb under the web root with insufficient access control. This directly enables remote attackers to obtain passwords by requesting the file, per the NVD entry. The vulnerability is characterized as a network ...
CVE-2008-5929
VP-ASP Shopping Cart 6.50 is reported to store sensitive information under the web root with insufficient access control, enabling remote attackers to download the database (database/shopping650.mdb) via a direct request. This CVE description specifies that the vulnerability arises from improper ...