Headlines

»Mac OS X ARDAgent Local Privilege Escalation
ARDAgent in Apple Mac OS X 10.5 and 10.4 allows local users to gain privileges via an osascript tell ...
»Creative Software AutoUpdate Engine ActiveX stack buffer overflow
The Creative Software AutoUpdate Engine ActiveX control is a component that provides automatic updat ...
»Internet Connection Sharing DoS
A denial of service vulnerability exists within the Internet Connection Sharing service in Microsoft ...
»RPC Memory Exhaustion
The three referenced exploits take advantage of an inherent problem in RPC, in which an attacker get ...


Date published: Tue, 6 Jan 2009 14:56:00 PST

»Rogue MD5 SSL Certificate Vulnerability
»Worm Exploiting Vulnerability described in MS08-067
»Malware Spreading via Malicious Ecards
»Mozilla Releases Thunderbird 2.0.0.19
»Trend Micro Releases Updates for HouseCall
»Microsoft Releases Security Advisory (961040)
»Microsoft Releases Security Bulletin MS08-078
»Mozilla has released Firefox 3.0.5
»Opera Software releases Opera Version 9.63
»Microsoft Releases Advance Notification



»News: Group attacks flaw in browser crypto security
»News: Commission calls for cybersecurity czar
»News: Microsoft hopes free security means less malware
»News: Researchers find more flaws in wireless security
»Brief: Researchers claim flaws in Intel's trusted platform



»HTTP Verb Brute Forcing
I read a few interesting posts here and here regarding brute forcing HTTP verbs. The F5 post sugges ...
»ToS Abuse Abuse
Sorry I haven’t posted in a while. Not for lack of wanting to, but alas, the real world keeps ...
»Browser Power Consumption
This isn’t like most the other posts I do on here since it’s only tangentially security ...
»HTTPOnly Fix In MSXML
I’m happy to announce that Microsoft has released MS08-069 today. It’s got a lot of cha ...
»Lifelock Protects You from Clickjacking
Well, now I’ve seen everything. Just when I didn’t think I could ever be amazed more by ...
»Security Expert Rehabilitation
In light of my last gloom and doom post, I wanted to turn the tables and add some humor. A while ba ...
»Apocalyptic Vulnerability Percentages - FUD 101
I’ve spent a long time in the trenches and recently I’ve been getting more and more jade ...
»More McAfee Snakeoil Ranting
I know a lot of people are just tired of the same old PCI ASV rant that really surfaced last year, b ...
»Clickjacking Details
Today is the day we can finally start talking about clickjacking. This is just meant to be a quick ...
»Tomcat SSL Fingerprinting
I ran into this a few weeks ago and I thought it was just so silly I had to post it. If you telnet ...



»T-025: Vulnerabilities in Microsoft XML Core Services
A remote code execution vulnerability exists in the way that Microsoft XML Core Services parses XML ...
»T-024: Vulnerability in Server Message Block (SMB)
A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Pr ...
»T-023: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco P ...
»T-022: OpenOffice.org Security Vulnerabilities
Several vulnerabilities have been discovered in the OpenOffice.org office suite, in the WMF file par ...
»T-021: libspf2 DNS TXT Vulnerability
libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. An SPF record ...
»T-020: Security Update for Adobe Reader 8 and Acrobat 8
Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions ...
»T-019: libxml2 Vulnerability
It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. T ...
»T-018: Vulnerability in Server Service
A remote code execution vulnerability exists in the Server service on Windows systems. The vulnerabi ...
»T-017: Gear Software CD DVD Filter Vulnerability
The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allo ...
»T-016: iseemedia / Roxio / MGI Software LPViewer ActiveX Vulnerabilities
The iseemedia LPViewer ActiveX control contains multiple stack buffer overflows, which can allow a r ...
»T-015: InstallShield / Macrovision / Acresso FLEXnet Connect Vulnerabilities
Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, whi ...
»CIACTech08-003: Understanding Cross-Site Scripting (XSS)
Cross-Site Scripting has become an increasingly prevalent attack vector that can be leveraged to per ...
»CIACTech08-002: Understanding Windows Hash Dumpers and Crackers
Windows hash dumping tools are often spotlighted as hacker tools that can somehow magically extract ...
»CIACTech08-001: Understanding PHP Exploits
Many websites use the PHP programming language to build web pages on the fly from individual files a ...
»CIACTech07-001: MOICE - Microsoft Office Isolated Conversion Environment
A common cyber attack is to send a user an Office document (Word, Excel, PowerPoint) containing mal ...


NIST.org Forums
Vulnerabilities & Threats (Read Only)

Anonymous Posts
Have something to report but don't want your name associated with it? Post it here. We still reserve the right to remove objectionable or slanderous material (or anything else we don't like). If you're a member, log out before posting to remain anonymous. Minimal logs, but they're subject to legal requests.
Threads: 0, Replies: 0, Last post: -

IT Security Issues
Generally, whatever concerns IT Security but doesn't fit elsewhere goes here. If discussions warrant, new forums will be created and topics moved.
Threads: 4, Replies: 2, Last post: Wed May 31 2006, 06:19AM (NIST.org)

The Non-Encrypted Hall of Shame
In today's world, not protecting other people's personal information that has been entrusted to you is a shameful act. Too bad there isn't a law called “negligent theft”; until such time, we give you “The Non-Encrypted Hall of Shame”.
Threads: 3, Replies: 0, Last post: Sat Jun 24 2006, 12:10PM (NIST.org)

Social Engineering
Social Engineering war stories
Threads: 1, Replies: 0, Last post: Tue Apr 18 2006, 09:45PM (NIST.org)

Viruses, Trojans and Worms
Have a problem and need help? Post your question here and someone will send help your way.
Threads: 0, Replies: 0, Last post: -

Spyware
Spyware and spyware removal. Also adware and general malware.
Threads: 0, Replies: 0, Last post: -

Microsoft Vulnerabilities
Anything having to do with Microsoft vulnerabilities and their fixes.
Threads: 4, Replies: 5, Last post: Wed Mar 15 2006, 05:24PM (Meehowski)

Certification and Training (Read Only)

Security Certifications
Discussions regarding CISSP, GSEC, Security+, etc. certifications.
Threads: 3, Replies: 2, Last post: Tue Jan 06 2009, 07:01AM (Quentin)

Federal Government Compliance - IT Security (Read Only)

Anonymous Posts
Have something to get off your chest but don't really want everyone in your office to know it's you? Post it here. We still reserve the right to remove objectionable or slanderous material (or anything else we don't like). If you're a member, log out before posting to remain anonymous.
Threads: 0, Replies: 0, Last post: -

FISMA
Federal Information Security Management Act (FISMA) was enacted in the U.S. in 2002. The act is meant to bolster computer and network security within the Federal Government and government contractors.
Threads: 0, Replies: 0, Last post: -

NIST FIPS
NIST - FIPS Publications - Federal Information Processing Standards (NIST = National Institute of Standards and Technology)
Threads: 0, Replies: 0, Last post: -

NIST SP 800 Documents
Discussions related to the NIST Special Publication 800 series documents.
Threads: 4, Replies: 3, Last post: Tue Sep 25 2007, 05:47PM (NIST.org)

OMB Circular A-130
This Circular establishes policy for the management of Federal information resources. OMB includes procedural and analytic guidelines for implementing specific aspects of these policies as appendices.
Threads: 0, Replies: 0, Last post: -

POA&M Reporting
Plan of Action and Milestones (POA&M) - Reporting required under the Security Reform Act. OMB has developed the POA&M reporting guidance.
Threads: 1, Replies: 0, Last post: Tue Apr 10 2007, 04:39PM (Mathurin)

HSPD-12 : Personal Identity Verification (PIV) Project
Another big mandate with the clock ticking. Lots of Smartcard and Biometrics associated with this project.
Threads: 0, Replies: 0, Last post: -

The users of this forum have made a total of 32 posts (20 threads, 12 replies).
Current Security News
 
SANS Internet Storm Center, InfoCON: green

» Infocon: green

» OSSEC HIDS being detected as malware, (Mon, Jan 5th)
[06 Jan 2009 06:50am]

» UK Police planning to hack citizens' PCs, (Mon, Jan 5th)
[06 Jan 2009 06:44am]

» RAID != Backup, (Sat, Jan 3rd)
[04 Jan 2009 09:09am]

» Twitter/Facebook Phishing Attempt, (Sun, Jan 4th)
[04 Jan 2009 08:45am]

» GazaIsrael Defacements/Hacks, (Sat, Jan 3rd)
[03 Jan 2009 05:08pm]

» Tools on my Christmas list., (Fri, Jan 2nd)
[03 Jan 2009 04:11pm]

» Blocking access to MD5 signed certs, (Fri, Jan 2nd)
[02 Jan 2009 03:07pm]

CNET News.com - Security

» Fake celeb LinkedIn profiles lead to malware
[06 Jan 2009 12:03pm]

» Hackers hit MacRumors keynote coverage
[06 Jan 2009 11:13am]

» Alarm systems at risk: UL establishes a higher security requirement for magnetic switches
[05 Jan 2009 12:05pm]

» Twitter phishing scam may be spreading
[03 Jan 2009 05:04pm]

» 'Curse of silence' smartphone flaw disclosed
[02 Jan 2009 05:33pm]

» Defense contractors eye cybersecurity bonanza
[01 Jan 2009 07:46pm]

» Photos: Apollo 8's mission round the moon
[30 Dec 2008 03:54pm]

» Web browser flaw could put e-commerce security at risk
[30 Dec 2008 07:15am]

» Microsoft denies vulnerability in Windows Media Player
[29 Dec 2008 07:20pm]

» SF engineer to stand trial in hijacked network
[28 Dec 2008 09:55am]

» Taking the classical approach to security
[24 Dec 2008 07:00am]

» MIT students to help Boston secure subway fare system
[23 Dec 2008 03:09pm]

» Year in review: Scams up, but big Net attack averted
[23 Dec 2008 12:00pm]

» Looking ahead at security trends for 2009
[23 Dec 2008 11:58am]

» Microsoft probing SQL Server vulnerability
[23 Dec 2008 11:43am]

Computerworld Security News

» Vista's flaws surface again on eve of Windows 7 beta
[05 Jan 2009 10:00pm]

» Appeals court set to rule on Kentucky effort to seize domain names
[05 Jan 2009 10:00pm]

» Google comes in third on top 10 list of spam enablers
[05 Jan 2009 10:00pm]

» Researchers hack into Intel's vPro
[04 Jan 2009 10:00pm]

» Hackers hijack Obama's, Britney's Twitter accounts
[04 Jan 2009 10:00pm]

» Microsoft tells how it missed critical IE bug
[04 Jan 2009 10:00pm]


NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.
