745 matches found
War on Passwords? Check with Your QSA First!
Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we dont see a password breach in the news...
GAO: FCC Network Fortification Project Fails
The Government Accountability Office has determined that the Federal Communications Commission failed to properly implement necessary security controls in the initial phases of its Enhanced Secured Networks project, and, as a result, FCC data remains vulnerable to “unnecessary risk of inadvertent...
Malware Infects Two Power Plants Lacking Basic Security Controls
During the past three months, unnamed malware infected two power plants’ control systems using unprotected USB drives as an attack vector. At both companies, a lack of basic security controls made it much easier for the malicious code to reach critical networks. In one instance, according to a...
Information of Nearly 4,000 Beth Israel Patients at Risk in Stolen Laptop Incident
The information of nearly 4,000 patients at Boston’s Beth Israel Deaconess Medical Center BIDMC may have been leaked according to a report from the Boston Globe over the weekend. A laptop was stolen from the Harvard-associated teaching hospital on May 22 that could yield the incomplete medical...
Author of LilyJade Facebook Plugin Ignores Facebook Cease-and-Desist
As the tech and investment banking worlds eagerly anticipate Facebook’s long-awaited initial public offering, the world’s largest social network is trying to put stops to a suspicious, but arguably benign, plugin. According to a Brian Krebs report, Dru Mundorff of Arizona is shamelessly selling t...
Facebook strengthens security with AntiVirus Marketplace
Facebook strengthens security with AntiVirus Marketplace Facebook has launched Anti-Virus Marketplace , a new portal to protect the social network's users.Members are being encouraged to download anti-malware programs which they can use at no cost for six months. Facebook is strengthening its...
Lessons from Chicago: Bad Policy, Not Geopolitics, Enables IP Theft
One thing that CME Group, the company that runs the Chicago Mercantile Exchange, wants to make perfectly clear is that it places a “high value on protecting its intellectual property and trade secrets.” That was the clear message from CME following the arrest of an employee for stealing company...
Carriers Enhance Mobile Security to Combat Attacks and Breaches
Carriers, developers, and phone makers are rolling out new services and features to protect mobile devices from malicious attacks and data breaches. As people increasingly use smartphones for email, banking, and document access, the wireless industry is addressing mobile device security. Accordin...
Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Oracle JRE - java.net.URLConnection class – Same-of-Origin SOP Policy Bypass PDF: http://www.security-assessment.com/files/advisories/OracleJREjavaneturlconnectionSOPBypass.pdf CVE...
Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass
Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. Thi...
Adobe Details Reader Protected Mode Sandbox
Adobe officials have said that the next version of Reader, one of the more popular and oft-targeted applications on the Internet right now, will have a sandboxing feature, and now the company is providing a detailed description of the new Protected Mode addition. Adobe’s Brad Arkin, the director ...
This Week in Security: Phantom Firefox Menace, Mass Domain Ownage and The Curious Case of IE6
There’s old, and there’s old. Internet Explorer 6 clearly falls into the latter category, but despite its advancing age, IE6 still holds a lot of sway in the enterprise, as new data that came to light this week. That’s not the only weirdness that reared its head this week, though. There was the...
Android Also Gives Google Remote App Installation Power
The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on user...
Security Programs Focusing Too Much on Compliance, Study Finds
Enterprises are spending huge amounts of money on compliance programs related to PCI-DSS, HIPAA and other regulations, but those funds may be misdirected in light of the priorities of most information security programs, a new study has found. A paper by Forrester Research, commissioned by Microso...
Ubuntu Update for openoffice.org vulnerabilities USN-903-1
Ubuntu Update for Linux kernel vulnerabilities USN-903-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9031.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openoffice.org vulnerabilities USN-903-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1)
It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. CVE-2009-0217 Sebastian Apelt and Frank Reissner discovered that OpenOffice did not...
NSA to Senate: '3 Steps Should Thwart 80% of Attacks'
Computer systems with proper security and network controls should be able to withstand about 80 percent of known cyberattacks, according to a senior National Security Agency official. Richard Schaeffer Jr., the NSA’s information assurance director, told the Senate Judiciary Committee’s Terrorism...
Is It Time to Stop Password Masking?
From SANS AppSec Street Fighter Blog Jason Montgomery I just ran across Jakob Nielsen‘s Alert Box post titled Stop Password Masking and wanted to provide some feedback from a security vs. usability perspective. I have great respect for Nielsen’s contribution to the usability of the web. Back in t...
MasterCard to Require On-Site Audits for Small Shops
From Computerworld Jaikumar Vijayan In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually. Starting Dec 31, 2010 companies that fall into this...
FreeBSD : linux-flashplugin -- multiple vulnerabilities (78f456fd-9c87-11dd-a55e-00163e000016)
Adobe Product Security Incident Response Team reports : Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends user...