NIST Site Search
Google
Web NIST.org
NIST.gov
Product Research

Advertise on this site
Headlines

»Mozilla Releases Firefox 3.6.9
»Apple Releases Safari 5.0.2 and 4.1.2
»Apple Releases iTunes 10
»Google Releases Chrome 6.0.472.53
»Insecure Loading of Dynamic Link Libraries in Windows Applications
»VMware Releases Updates for ESX Service Console Packages
»Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol
»RealNetworks Releases Update to Address Vulnerabilities in RealPlayer
»Cisco Releases Advisories for Unified Communications Manager and Unified Presence
»APWG Fax Back Phishing Education Program

Date published: not known
Details

»T-433: Security Advisory for Adobe Reader and Acrobat
Security Advisory for Adobe Reader and Acrobat
»T-432: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
»T-431: Linux Kernel Null Pointer Dereference in irda_bind() May Let Local Users Gain Elevated Privileges
Linux Kernel Null Pointer Dereference in irda_bind() May Let Local Users Gain Elevated Privileges
»T-430: Apple QuickTime Flaw in QTPlugin.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code
Apple QuickTime Flaw in QTPlugin.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code
»T-429: WaspTime MS-SQL Database instance with blank password for sa account
WaspTime MS-SQL Database instance with blank password for sa account
»T-428: Vulnerability in Help and Support Center
Vulnerability in Help and Support Center
»T-427: VMWare WebAccess Vulnerability
VMWare WebAccess Vulnerability
»T-426: Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
»T-425: Desktop Java running in web browsers
Desktop Java running in web browsers
»T-424: Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service
Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service
»T-423: Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution
Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution
»T-422: Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
»T-421: Multiple CACTI Security Vulnerabilities
Multiple CACTI Security Vulnerabilities
»T-420: Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability
Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability
»T-419: PHP 'ibase_gen_id()' Function off-by-one Buffer Overflow Vulnerability
PHP 'ibase_gen_id()' Function off-by-one Buffer Overflow Vulnerability

Date published: not known
Details

»September issue of VB published
The September issue of Virus Bulletin is now available for subscribers to download.
»ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
»Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
»Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
»94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat.
»Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
»41% of spam sent via Rustock botnet
Botnet spam back after short summer break.
»Avast gets $100m investment boost
Growth equity firm invests in Czech firm
»Computer chip giant buys AV giant
Intel becomes new owner of McAfee for the princely sum of $7.8bn

Date published: not known
Details

»String Of Deals Shows Demand for Cloud-Based Authentication
Acquisitions highlight how authentication-as-a-service is now part of identity and access management ...
»Tech Insight: Retooling Vulnerability Scanning, Penetration Testing For IPv6
Traditional host discovery via network scanning won't work with IPv6, but alternative methods are av ...
»Five Ways To Stop Mass SQL Injection Attacks
The best practices for mitigating this popular form of attack often are not being deployed
»IPv6 Transition Poses New Security Threats
Next-generation IP protocol comes with more security as well as some potential flaws of its own ...
»Networked Scanners Offer A Window Into The Enterprise, Researcher Says
Emerging Web-based features make it possible to capture document contents remotely from networked sc ...
»U.S. Businesses Could Lose Up To $1 Billion In Online Banking Fraud This Year
Small- to midsized businesses taking the biggest hit, experts say, but consumer banking customers co ...
»Product Watch: Verizon, VMware Team Up With Hybrid Cloud Service
New Verizon service offers private public-cloud option
»Could USB Flash Drives Be Your Enterprise's Weakest Link?
The Pentagon last week conceded that a USB flash drive carried an attack program inside a classified ...
»Delaware Contractor Mistakenly Posts Personal Data Of 22,000 Employees
State of Delaware contractor Aon mistakenly posts personal data of 22,000 retirees without randomiza ...

Date published: not known
Details
Newsfeeds
ha.ckers.org web application security lab
  • The Effect of Snakeoil Security

    15 posts left…
    I’ve talked about this a few times over the years during various presentations but I wanted to document it here as well. It’s a concept that I’ve been wrestling with for 7+ years and I don’t think I’ve made any headway in convincing anyone, beyond a few head nods. Bad security [...]

    click to view

  • Browser Detection Autopwn, etc…

    16 posts left…
    I often find myself thinking about egyp7’s DefCon speech last year. He was talking about browser autopwn, which was a relatively new concept at that time being built into Metasploit. Pretty cool technology, and with only one minor mishap he was able to demonstrate it on stage with impressive results. [...]

    click to view

  • The Perils of Speeding up the Browser

    17 posts left until the end…
    A year or so ago I went to go visit the Intel guys at their internal conference that they throw (similar to Microsoft’s Bluehat). I honestly had no idea what to tell a bunch of hardware guys. What correlation does chip manufacturing really have with browsers or webapps. [...]

    click to view

  • Browser Differences, Minutia Et Al…

    18 posts left…
    I got an email last night from someone asking me to do a breakdown of which browser is better, Internet Explorer, Firefox, Opera, Safari and Chrome. First of all, there’s already a pretty good reference that Michal Zalewski put together. Like anything this comprehensive, since it’s not been edited for about [...]

    click to view

  • Throttling Traffic Using CSS + Chunked Encoding

    19 posts left…
    So Pyloris doesn’t work particularly well for port exhaustion on the server, but what if we can exhaust the connections on the client to better meter out traffic? That would make it easier for a MITM to see each individual request if it worked. So I started down a rather complicated path [...]

    click to view

  • Pyloris and Metering Traffic

    20 posts left…
    Pyloris is a python version of Slowloris, and since it is written in python it’s SSL version is thread safe. So what better way to lock up an SSL/TLS Apache install (given that Apache still hasn’t fixed their DoS)? Well, one of the big problems attackers have when trying to decipher [...]

    click to view

  • XSHM Mark 2

    21 posts left…
    If you’re familiar with XSHM this is going to look awfully similar (but better). When a script creates a new popup (or tab) it retains control over where to send it at a later date. I talked about this concept before. But let’s see what else can be done. [...]

    click to view

  • Cookie Clobbering

    22 posts left…
    While thinking about the previous issue and listening to Jeremiah’s preso and talking with the guys at Microsoft I got to thinking about cookie clobbering. Let’s say that Microsoft thinks HTTP cookies overwriting secure cookies is a big enough problem to fix. Let’s walk through the use cases. Let’s say [...]

    click to view

  • MITM, SSL and Session Fixation

    23 posts left…
    It’s been known for a long time that HTTP can set cookies that can be read in HTTPS space because cookies don’t follow the same origin policy in the way that JavaScript does. More importantly, HTTP cookies can overwrite HTTPS cookies, even if the cookies are marked as secure. I started [...]

    click to view

  • Issues with Perspectives

    24 posts left…
    When I told one of my guys about the double DNS rebinding attack, he said, “Well it’s a good thing I use perspectives.” So that was my clue that I had better get familiar with the plugin if people are seriously relying on it for security. In the process we found [...]

    click to view
| Date published: not known
Back to newsfeed list
Translate to: French German Italian Spanish Portuguese GTM_LAN_DUTCH Russian Chinese Arabic Korean English
Latest NIST.org news and comments
Google Ads




NIST Site Menu
·Home

NIST Security Books
NIST IT Security Books

Training / Books

»Security Certifications -
» CISSP, SSCP, Security+, etc.

»Computer Forensics

»Ethical Hacking

»Malware, Spyware, Viruses

»FISMA Compliance, Policies, etc

»PKI, Encryption, Smartcards

»Windows Security Guides

»HIPAA, SOX, CISP, etc.

NIST.org Security Bookstore
Current Security News
 
SANS Internet Storm Center, InfoCON: green

» Infocon: green

» Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory, (Wed, Sep 8th)
[08 Sep 2010 12:03pm]

» Mozilla Thunderbird updated to version 3.1.3 also, more here: http://www.mozillamessaging.com/en-US/thunderbird/3.1.3/releasenotes/, (Wed, Sep 8th)
[08 Sep 2010 11:46am]

» Patches issued for multiple vulnerabilities in Cisco Wireless LAN Contoller product family, more here: http://cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtml, (Wed, Sep 8th)
[08 Sep 2010 09:59am]

» Mozilla's SeaMonkey version 2.0.7 released for Security Updates: http://www.seamonkey-project.org/releases/seamonkey2.0.7/, (Wed, Sep 8th)
[08 Sep 2010 09:59am]

» Firefox Releases Version 3.6.9 and 3.5.12 to fix Security Vulnerabilities: 3.6.9 is http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/ and 3.5.12 is http://www.mozilla.com/en-US/firefox/3.5.12/releasenotes/, (Wed, Sep 8th)
[08 Sep 2010 09:56am]

» SSH password authentication insight and analysis by DRG, (Tue, Sep 7th)
[07 Sep 2010 07:59am]

» US Department of Defense and National Policy, (Sun, Sep 5th)
[06 Sep 2010 08:16am]

» What's not to Like about "Like?", (Sat, Sep 4th)
[04 Sep 2010 12:46pm]

» Investigating Malicious Website Reports, (Sat, Sep 4th)
[04 Sep 2010 11:18am]

» Apple Releases Two Security Updates (One for OSX, One for iTunes) : http://support.apple.com/kb/HT4312 and http://support.apple.com/kb/HT4328, (Fri, Sep 3rd)
[03 Sep 2010 01:56pm]
***
CNET News.com

» Adobe warns of zero-day hole in Reader, Acrobat
[08 Sep 2010 11:34am]

» Antivirus isn't dead--it's growing up
[08 Sep 2010 05:00am]

» Mozilla fixes Firefox holes, curtails clickjacking
[08 Sep 2010 04:00am]

» Norton's new Power Eraser goes free
[08 Sep 2010 01:09am]

» Study: Two-thirds of Web surfers fall prey to online crime
[08 Sep 2010 01:01am]

» Trend Micro bets on the cloud
[07 Sep 2010 09:00pm]

» Court allows warrantless cell location tracking
[07 Sep 2010 02:44pm]

» Facebook closes hole that let spammers auto-post to walls, friends
[07 Sep 2010 01:37pm]

» Apple's Ping dinged by spam
[03 Sep 2010 08:01am]

» U.N. exec: Cyberwar could be 'worse than tsunami'
[03 Sep 2010 07:28am]

» Facebook adds new remote log-out security feature
[02 Sep 2010 02:30pm]

» Nigerian scam tops list of decade's online cons
[02 Sep 2010 11:16am]

» India wants local servers from RIM, Google, Skype
[02 Sep 2010 10:45am]

» Twitter plans to record all links clicked
[02 Sep 2010 12:33am]

» China requires cell phone subscriber IDs
[01 Sep 2010 05:40pm]
***
Computerworld Security News

» Hackers exploit new PDF zero-day bug, warns Adobe
[08 Sep 2010 02:09pm]

» Apple ships iOS 4.1, patches FaceTime flaw
[08 Sep 2010 01:16pm]

» Apple matches Mozilla, patches DLL hijacking bug in Safari
[08 Sep 2010 10:55am]

» Mozilla fixes Firefox's DLL load hijacking bug
[08 Sep 2010 04:53am]

» Symantec: Most hacking victims blame themselves
[08 Sep 2010 01:50am]

» Spammers exploit second Facebook bug in a week
[07 Sep 2010 01:58pm]

» More Security News
***


***


More IT Security
News Feeds
More Sponsors

Advertise on this site
NIST - Books You Need

NIST Bookstore
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf
Add to NetVibes
Add to Bloglines
Add to NewsGator
Add to Google
Add to My Yahoo
Add to My MSN
Add to Technorati
Add to Pluckit
Add to My AOL
Subscribe in FeedLounge
Add to ProtoPage
Symantec News
Welcome
Username:

Password:


Remember me

[ ]
[ ]
[ ]
Other News

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.