Items Tagged with "Vulnerabilities"


7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Buffer Overflow Vulnerability

August 03, 2012 Added by:Infosec Island Admin

Researchers Carlos Mario Penagos Hollmann of IOActive, Michael Messner, and Luigi Auriemma have separately identified multiple vulnerabilities in Sielco Sistemi’s Winlog application. These vulnerabilities can be remotely exploited. Exploit code is publicly available for these vulnerabilities...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Red Flag On Biometrics: Iris Scanners Can Be Tricked

August 02, 2012 Added by:Electronic Frontier Foundation

Among all the various biometric traits that can be measured for machine identification, the iris is generally regarded as being the most reliable. Yet Galbally’s team of researchers has shown that even the method traditionally presumed to be foolproof is actually quite susceptible to being hacked...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

How to Avoid SQL Injection Attacks

August 02, 2012

"SQL injection is a code injection technique that exploits a vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed...."

Comments  (0)

6d117b57d55f63febe392e40a478011f

DefCon: Dan Tentler Discusses the Power of Shodan

August 02, 2012

Everyone knows routers, switches and servers are connected to the internet - but what else is out there? Has anybody even looked? Some of Dan's Shodan findings were pretty surprising, and these discoveries are an excellent metric for identifying how successful our security campaigns as an industry are...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Kessler-Ellis Products Exploit POC

August 02, 2012 Added by:Infosec Island Admin

ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

6d117b57d55f63febe392e40a478011f

BlackHat 2012: Alexander Polyakov on New SAP Vulnerabilities

August 01, 2012

Alexander Polyakov describes a recently discovered and widespread architectural vulnerability which especially targets SAP applications and allows for the bypassing of SAP security restrictions, such as firewalls, even in secure landscapes...

Comments  (0)

Ee5e595fc2be8a24327ce7cefe0f7b2c

A Packet of Risks and a Small Pot of Tea

July 29, 2012 Added by:Christopher Laing

Risks are just circumstances that if they occurred, would have some impact on the business. Naturally risks can potentially disrupt the business, but if identified, planned for, and effectively managed, risks can have a beneficial impact on the business. The key word here is managed...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

NIST: Guide to Rating Software Vulnerabilities from Misuse

July 29, 2012 Added by:Headlines

A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...

Comments  (0)

812d096e189ecbac061ebfe343f91e1e

To “Open Source” or “Not to Open Source”

July 27, 2012 Added by:Andrew Sanicola

Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Countermeasures, Weather Forecasts, and Security Metrics

July 25, 2012 Added by:Tripwire Inc

Take a look at the things you measure. In particular, take a look at the things that become part of your bonus calculations or your performance reviews. If you are being measured against things that feel more like Tracking Indicators (like a weather forecast), then it’s time to renegotiate your Metrics...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Deploying Code Faster as a Security Feature?

July 24, 2012 Added by:Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Invensys Winderware Intouch 10 DLL Hijack

July 24, 2012 Added by:Infosec Island Admin

Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a dll hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

The "Compliance Society"

July 23, 2012 Added by:Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (5)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: OSIsoft Stack-Based Buffer Overflow Vulnerability

July 23, 2012 Added by:Infosec Island Admin

ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested by OSIsoft and funded by DHS...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

What is Cross-Site Scripting?

July 19, 2012

In a XSS attack, JavaScript might steal session credentials, capture keystrokes or iterate across every form on a page and replace every action so that instead of submitting your username and password to the real application, the JavaScript causes your username and password to be sent to the attacker...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Coders Rights at Risk in the European Parliament

July 18, 2012 Added by:Electronic Frontier Foundation

By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »