NIST IT Security: Search

NIST Site Search

Product Research

Advertise on this site

Headlines

eEye Digital Security - Zero-Day Tracker

»	Mac OS X ARDAgent Local Privilege Escalation ARDAgent in Apple Mac OS X 10.5 and 10.4 allows local users to gain privileges via an osascript tell ...
»	Creative Software AutoUpdate Engine ActiveX stack buffer overflow The Creative Software AutoUpdate Engine ActiveX control is a component that provides automatic updat ...
»	Internet Connection Sharing DoS A denial of service vulnerability exists within the Internet Connection Sharing service in Microsoft ...
»	RPC Memory Exhaustion The three referenced exploits take advantage of an inherent problem in RPC, in which an attacker get ...

Date published: Thu, 28 Aug 2008 02:05:00 PST
Details

GCN.com IT Security News

»	Report: Lab certifying voting equipment failed to meet requirements The National Voluntary Laboratory Accreditation Program has accused SysTest Labs of not meeting the ...
»	Scott Vanstone \| Cryptography thrown an elliptic curve GCN Interview: One of the inventors of elliptic curve cryptography talks about ECC’s emerging r ...
»	Cybereye \| The threats ahead Infrastructure networking technology figures to be the hot topic during the next year when it comes ...
»	Cyber chief argues for new approaches STRATCOM commander proposes switch to white listing, more sensors and greater training and accountab ...
»	NETCOM commander weighs in on security Brig. Gen. Susan Lawrence, speaking at the 2008 LandWarNet Conference, said that data and network se ...
»	Army cyber ops faces forensic backlog Col. Barry Hensley spoke at the 2008 LandWarNet Conference, regarding the challenge of conducting fo ...
»	NIST releases draft revision of guidelines for authorizing operation IT systems Publication is part of an interagency project to harmonize C&A process across civilian, military ...
»	Layer 3 support for PDAs Array Networks offers Layer 3 VPN support for Windows Mobile devices and other PDAs.

Date published: Tue, 26 Aug 2008 20:39:27 GMT
Details

US-CERT Current Activity

»	SSH Key-based Attacks
»	Microsoft Revised Security Bulletin MS08-051
»	Red Hat Releases OpenSSH Security Update
»	Malware Circulating via Russia/Georgia Conflict Spam Messages
»	Opera Releases Version 9.52
»	Webex Meeting Manager ActiveX Control Vulnerability
»	Joomla! Password Reset Vulnerability
»	Apple MobileMe Phishing Scam
»	Microsoft Releases August Security Bulletin
»	Microsoft Releases Advanced Notification for August Security Bulletin

Date published: not known
Details

SecurityFocus News

»	News: Online intruders hit Red Hat, Fedora Project Online intruders hit Red Hat, Fedora Project
»	News: Researchers race to zero in record time Researchers race to zero in record time
»	News: Gov't charges alleged TJX credit-card thieves Gov't charges alleged TJX credit-card thieves >> Advertisement << Can y ...
»	News: Poisoned DNS servers pop up as ISPs patch Poisoned DNS servers pop up as ISPs patch
»	Brief: Denial, hype cloud report of Best Western breach Denial, hype cloud report of Best Western breach

Date published: not known
Details

ha.ckers.org web application security lab

»	Timing Precision If you’ve been watching the Olympics you might have see the pretty amazingly close call betwee ...
»	MySQL Truncation Etc… Stefan Esser has a really good article about how MySQL and SQL truncate columns which can lead to se ...
»	HTML 5.0 On good authority I was told to take a good hard look at the newly proposed HTML 5.0 spec that’ ...
»	MSN IP Search I’ve been meaning to write something about this for a while now, and a number of people have k ...
»	Firefox Security Model Growth Okay, I can bet I’m going to get a lot of flack for this post, so before I start, this is only ...
»	History Hack Male vs. Female and Beyond Strangely enough there’s been a ton of things happening in the CSS history hacking world latel ...
»	Private Investigator or Forensics Expert What do I have in common with Magnum PI? What does id have in common with Dog the Bounty Hunter? W ...
»	WebAppSec Survey Time Plus A Fast Approaching DefCon and Blackhat Yup, it’s about that time again. Jeremiah has put up yet another webappsec professional surve ...
»	Redirection Report Brian Krebs had an interesting report over at the Washington Post that cited a report from Indiana.e ...
»	Dialogs Of Doom So maluc and I went down the rabbit hole (again) looking for ways to screen scrape across domains us ...

Date published: not known
Details

Tech Insider

»	Powering Down?
»	'YouTubing' Training Games
»	U.S. Losing E-Gov Race
»	Meyerrose to Leave ODNI
»	Can You Trust Your Database?
»	Internet Search: When More is Less?
»	Malicious Thumb Drives in Justice
»	Time for a Handheld Project Post Mortem
»	Hot Insider Entries
»	GSA becomes first civilian agency to implement IPv6
»	Speculation: Meyerrose to Leave ODNI
»	Paperless government? Only sometimes.
»	Army CIO predicts two years of uncertainty in IT program funding
»	British hacker’s extradition to U.S. held up
»	The New Dynamics of Cyber War

Date published: not known
Details

CIAC Updates

»	S-371: CupsSYS Vulnerabilities Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The ...
»	S-370: Afuse Vulnerability It was discovered that afuse, an automounting file system in user-space, did not properly escape met ...
»	S-369: BlackBerry Attachment Service PDF Distiller Vulnerability The PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerabilit ...
»	S-368: RealNetworks Vulnerabilities RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a ...
»	S-367: Oracle Weblogic Apache Connector Vulnerability An exploit has been public which may impact the availability, confidentiality or integrity of WebLog ...
»	S-366: Gaim Vulnerability It was discovered that Gaim, an multi-protocol instant messaging client, was vulnerable to several i ...
»	S-365: Ruby 1.8 Vulnerabilities Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lea ...
»	S-364: ClamAV Vulnerabilities A vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The w ...
»	S-363: libexslt Vulnerability It was discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution ...
»	S-362: OpenSC It was discovered that OpenSC, a library and utilities to handle smart cards, would initialise smart ...
»	S-361: Oracle Critical Patch Update - July 2008 Oracle has released a critical patch update for multiple security vulnerabilities. The risk is MEDI ...
»	CIACTech08-003: Understanding Cross-Site Scripting (XSS) Cross-Site Scripting has become an increasingly prevalent attack vector that can be leveraged to per ...
»	CIACTech08-002: Understanding Windows Hash Dumpers and Crackers Windows hash dumping tools are often spotlighted as hacker tools that can somehow magically extract ...
»	CIACTech08-001: Understanding PHP Exploits Many websites use the PHP programming language to build web pages on the fly from individual files a ...
»	CIACTech07-001: MOICE - Microsoft Office Isolated Conversion Environment A common cyber attack is to send a user an Office document (Word, Excel, PowerPoint) containing mal ...

Date published: not known
Details

Search NIST IT Security

Results 1 - 10 of 12 in Content

NIST FIPS 140-2
...dules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography based standards. Download the complete NIST FIPS 140-2. Plea...
Posted on Wednesday 15 November 2006 - 20:44:06 in

NIST FIPS 197 - Advanced Encryption Standard (AES)
NIST announced the approval of FIPS 197 Advance Encryption Standard (AES) November 2001. AES specifies the Rijndael encryption algorithm as a FIPS-ap...
Posted on Saturday 21 January 2006 - 22:00:00 in

NIST SP 800-73 Interfaces for Personal Identity Verification
...ors, Federal Information Processing Standard 201 (FIPS 201) was developed to establish standards for identity credentials. This document, Special Publ...
Posted on Monday 06 February 2006 - 22:00:00 in

NIST FIPS 201 Personal Identity Verification (PIV)
...t information systems. Download the complete NIST FIPS 201 Please use the NIST.org Forum to ask questions or discuss this document. The belo...
Posted on Monday 06 February 2006 - 22:00:00 in

Federal Information Processing Standards (FIPS)
With the passage of the Federal Information Security Management Act (FISMA) of 2002 all Federal Information Processing Standards (FIPS) are now manda...
Posted on Sunday 22 January 2006 - 16:44:21 in

Guide to NIST Computer Security Documents
In order to make NIST information security documents more accessible, especially to those just entering the security field or with limited needs for t...
Posted on Monday 30 April 2007 - 19:58:26 in

NIST SP 800-48 Revision 1, Wireless Network Security for IEEE 802.11a/b/g and Bluetooth
...port for Federal Information Processing Standard (FIPS) validated cryptographic algorithms. Therefore, NIST recommends that organizations with existin...
Posted on Tuesday 07 August 2007 - 22:00:00 in

NIST SP 800-78 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
...es for PIV systems and is a companion document to FIPS 201. Download the entire NIST SP 800-78 PDF You may use the NIST.org Forum to ask question...
Posted on Monday 06 February 2006 - 22:00:00 in

Important HSPD-12 Documents and Links
... how to implement it *OMB Memorandum M-05-24 *FIPS 140-2 *FIPS 201 NIST Special Publictions *NIST SP 800-73 *NIST SP 800-76 *NIST...
Posted on Sunday 05 February 2006 - 22:00:00 in

NIST SP 800-76 Biometric Data Specification for Personal Identity Verification
...ractors, Federal Information Processing Standard (FIPS 201), was developed to establish standards for identity credentials. This document, Special Pub...
Posted on Monday 30 January 2006 - 22:00:00 in

Go to page >>

Results in Links

No matches found

Results 1 - 10 of 20 in News

GSA Awards Large Contracts for 10 Encryption Products
... “data at rest”. All 10 products use NIST.gov FIPS 140-2 validated encryption modules. You will be hearing much more about these products in the c...
Posted on Wednesday 20 June 2007 - 22:52:35

Evidence that Encrypting Data is the Easy Part
...a, classified, data, top, secret, key, truecrypt, fips, 140-2, fbi, keylogger, chi, mak, tai, security, china, aes, aes256, aes128, blowfish, CAST5, s...
Posted on Friday 25 May 2007 - 15:27:08

NIST.gov releases RFID Security Publication and a NIST Security Table of Contents
..., sp, special, publication, table, contents, 800, fips@@@ NIST.gov has released NIST Special Publication (SP) 800-98, Guidelines for Securing Ra...
Posted on Tuesday 01 May 2007 - 05:56:20

U.S. Government Agencies Banning Microsoft Vista
...curity, moratorium, nist, gov, dot, faa, federal, fips, aviation, administration, office, 2007, google, apps, ocio@@@ In what turning out to be...
Posted on Tuesday 13 March 2007 - 21:56:36

NSA Posts Notice on ‘Suite B’ encryption
...ough the Federal Information Processing Standard (FIPS) 201 for identity cards makes no specific reference to it, said Brendan Ziolo, marketing direct...
Posted on Monday 12 December 2005 - 22:39:27

FISMA guidance nearly complete
...ct, guidance, guidelines, compliance, omb, a-130, fips, 200, standard, processing, requirement@@@ The publication, titled “Guide for Assessing...
Posted on Thursday 01 December 2005 - 04:25:48

NIST to set up Web site for products being FIPS-201-tested
NIST.GOV will be posting test results vendor smart cards and readers to see whether they conform to Federal Information Processing Standard-201 and NI...
Posted on Wednesday 30 November 2005 - 15:50:12

NIST.gov releases draft of Wireless Network Security for IEEE 802.11a/b/g and Bluetooth
...tute, standards, ieee, access point, adhoc, WPAN, fips, encryption, wpan, wlan, wman, wwan@@@ Draft SP 800-48 Revision 1 provides an overview of...
Posted on Wednesday 08 August 2007 - 06:17:10

News Release - LogLogic Announces FISMA Control and Compliance Suite Based On NIST For Government Organizations
...s - the Federal Information Processing Standards (FIPS), the National Institute of Standards and Technology (NIST) "Recommended Security Controls for ...
Posted on Sunday 13 May 2007 - 15:19:25

SANS.org SOHO Backups and Encryption article
...ould be mentioned, though TrueCrypt offers a NIST FIPS approved algorithm (AES) the application is not on the NIST.gov Advanced Encryption Standard Al...
Posted on Monday 11 September 2006 - 17:05:55

Go to page >>

Results in Forum

No matches found

Results in Comments

No matches found

Results in Other Pages

No matches found

Results in Bugtracker2

No matches found

Translate to:

Latest NIST.org news and comments

If You Haven't Patched Your DNS Server Yet You're Simply Negligent Posted on:08/06/08

Firefox 3.0 Vulnerabilities, 2.0.x Also Vulnerable Posted on:06/21/08

Ransomware Will Win The War Posted on:06/16/08

WordPress Sites Need To Upgrade, The Rest Of Us Need To Watch This Too. Posted on:05/01/08

SQL Injections Continue – 100s of Thousands of URL's Infected Posted on:04/28/08

Symantec Raises Threat Level Due To In The Wild Image File Exploits Posted on:04/10/08

SANS Internet Storm Center Starts Monthly Podcast Posted on:04/10/08

FBI Reports Online Crime At All Time High Posted on:04/07/08

Symantec Antivirus ActiveX Vulnerability Posted on:04/06/08

MS Excel "Extremely Critical" Vulnerability Allows Remote Code Execution Posted on:01/18/08

RealPlayer Buffer Overflow Vulnerability – Highly Critical Posted on:01/06/08

Highly Critical and Extremely Critical Vulnerabilities in Lotus Notes and Apple Quicktime Posted on:11/29/07

New Phishing Scam Hitting Hard, No Clicks Required Posted on:11/15/07

RealPlayer Extremely Critical Vulnerability Posted on:10/24/07

Transient Electromagnetic Devices (TEDs) Can Threaten Our IT Infrastructure Posted on:10/12/07

Download Firefox

NIST.org Recommends Firefox. It's free and more secure.

Google Ads

NIST Security Books

NIST IT Security Books

Training / Books

»Security Certifications -
» CISSP, SSCP, Security+, etc.

»Computer Forensics

»Ethical Hacking

»Malware, Spyware, Viruses

»FISMA Compliance, Policies, etc

»PKI, Encryption, Smartcards

»Windows Security Guides

»HIPAA, SOX, CISP, etc.

NIST.org Security Bookstore

Current Security News

SANS Internet Storm Center, InfoCON: green

» Infocon: green

» Active attacks using stolen SSH keys, (Tue, Aug 26th)

» Podcast Episode X Record Notice, (Tue, Aug 26th)

» The Latest in Crimeware, (Mon, Aug 25th)

» Thoughts on the Best Western Compromise, (Mon, Aug 25th)

» Warning, it's not from us., (Sun, Aug 24th)

» SQL injections - an update, (Sat, Aug 23rd)

» RedHat compromise sparks a Critical openssh security update, (Fri, Aug 22nd)

***Dark Reading: Dark Reading News Analysis

» Report: Popular Web Attacks Go Stealth
[27 Aug 2008 03:45pm]

» Microsoft Offers Details on Privacy Features in IE8
[27 Aug 2008 02:46pm]

» The Seven Deadliest Social Networking Hacks
[26 Aug 2008 05:40pm]

» Best Western Denies Report of Massive Data Breach
[25 Aug 2008 02:55pm]

» Life Insurer Takes New Approach to Two-Factor Authentication
[22 Aug 2008 02:32pm]

» Survey: Mid-Sized Firms Shape Up for Security
[22 Aug 2008 07:55am]

***CNET News.com - Security

» Rising fraud threats in virtual worlds
[27 Aug 2008 05:26pm]

» Security hole opens up password protected iPhones
[27 Aug 2008 03:15pm]

» IE 8 beta gives other browsers a run for their money
[27 Aug 2008 02:33pm]

» Become a remote spy with Swann's new wireless camera
[27 Aug 2008 01:41pm]

» Space: The final frontier for computer viruses
[27 Aug 2008 12:53pm]

» Google Earth shows cows point north
[27 Aug 2008 11:02am]

» Firefox extension protects against man-in-the-middle attacks
[26 Aug 2008 05:53pm]

» Amex, Royal Bank of Scotland, NatWest customer details sold on eBay
[26 Aug 2008 11:57am]

» Ubuntu issues security patch for kernel flaw
[26 Aug 2008 10:42am]

» IE 8 to include private browsing feature
[25 Aug 2008 04:39pm]

» Data on 84,000 U.K. prisoners is lost
[25 Aug 2008 08:08am]

» Google making SSL changes, other sites quiet
[22 Aug 2008 04:41pm]

» Red Hat, Fedora servers compromised
[22 Aug 2008 12:29pm]

» Phreaker calls buddies overseas on U.S. government dime
[22 Aug 2008 10:12am]

» Brazilian charged in U.S. in connection with operating botnet
[21 Aug 2008 06:09pm]

***Computerworld Security News

» Terror threat system crippled by technical flaws, says Congress
[27 Aug 2008 07:00am]

» Malware infects space station laptops
[27 Aug 2008 07:00am]

» The key to data security: Separation of duties
[27 Aug 2008 07:00am]

» Apple forgets to fix iPhone passcode bug
[27 Aug 2008 07:00am]

» Judge lets privacy advocate keep Social Security numbers on Web site
[27 Aug 2008 07:00am]

» Qualified Security Assessors are not created equal
[27 Aug 2008 07:00am]

» More Security News...

***

More IT Security
News Feeds

NIST - Books You Need

NIST Bookstore

RSS Feeds

Our news can be syndicated by using these rss feeds.

Add to NetVibes

Add to Bloglines

Add to NewsGator

Add to My Yahoo

Add to Technorati

Subscribe in FeedLounge

Add to ProtoPage

Symantec News

Welcome

Other News

News Release - LogLogic Announces FISMA Control and Compliance Suite Based On NIST For Government Organizations

Commercial spyware using rootkit techniques to avoid removal

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. W