computer security
I. Background
~~~~~~~~~~~~~
ESET develops software solutions that deliver instant, comprehensive protection
against evolving computer security threats. ESET NOD32® Antivirus, the flagship
product, consistently achieves the highest accolades in all types of
comparative testing and is the foundational product that builds
out the ESET product line to include ESET Smart Security.
http://www.eset.com/products/eset_performance_advantages.php
Fixed version:
KDE >= 4.3.3
Credit: Tim Brown, Portcullis Computer Security Ltd.
CVE: N/A
Timeline:
1 x11-libs/qt < 3.3.8-r3 >= 3.3.8-r3
Description
===========
Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE
reported multiple format string errors in qWarning() calls in files
qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,
qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.
Impact
--Saturday, October 4, 2008, 11:49:42 PM, you wrote to bugtraq@securityfocus.com:
clgc> Name : AyeView v2.20 (malformed gif image) DoS Exploit
DoS vulnerability in computer security is blocking legitimate access to
some data or service. What kind of service do you block with this
vulnerability?
--
~/ZARAZA http://securityvulns.com/
Toucan System.
--[ About Toucan System:
Toucan System is a French computer security company providing cutting edge
research and security consulting to Fortune 500 as well as smaller companies
globally, thanks to a wide range of expertise ranging from Reverse Engineering
and binary analysis to cryptography and Risk Management.
Open Source Software
Core Security Technologies
-----
(*) I am a semi-senior exploit writer at Core Security Technologies.
I've been working in computer security for 3 years and I am specialized
in Windows exploits, mostly, and the development of exploit writing
tools. I also developed some exploits for Linux and MacOS X.
Permalink:
http://www.ocert.org/advisories/ocert-2011-002.html
--
Daniele Bianco Open Source Computer Security Incident Response Team
<danbia@ocert.org> http://www.ocert.org
GPG Key 0x9544A497
GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497
On 11-May-09, at 7:29 AM, Juha-Matti Laurio wrote:
> The oldest documented vulnerability in computer security world is
> password file disclosure vulnerability from 1965, found by Mr. Ryan
> Russell.
>
> Open Security Foundation launched a competition in April to find the
> oldest documented data loss incident.
>
flaws in the protocols themselves affecting virtually every existing
implementation. Even in the last couple of years researchers were still
working on security problems in the core protocols.
The discovery of vulnerabilities in the TCP/IP protocols led to reports
being published by a number of CSIRTs (Computer Security Incident Response
Teams) and vendors, which helped to raise awareness about the threats as
well as the best mitigations known at the time the reports were published.
Much of the effort of the security community on the Internet protocols did
not result in official documents (RFCs) being issued by the IETF (Internet
The deadline for submissions is the 15th of November.
* What is Ruxcon?
Ruxcon strives to be Australia's most technical and interesting
computer security conference. We're back for the fifth year
and intend on bringing you another high quality conference.
The conference is held over two days in a relaxed atmosphere,
allowing attendees to enjoy themselves whilst expanding their
knowledge of security.
*SyScan’08 HONG KONG*
To address the increasing importance of information security in Hong
Kong, SyScan will be going to Hong Kong in 2008.
SyScan’08 Hong Kong will provide an opportunity for foreign security
specialists to be exposed to the Hong Kong security community and
collaborate on practical solutions to computer security issues.
Date: May 29th – 30th, 2008.
Venue: To be determined.
*SyScan’08 SINGAPORE*
20-Jun-2011 - Vendor announces release of 10.01.0 Build 0739.
20-Jun-2011 - Disclosure.
About OSI Security:
OSI Security is an independent network and computer security auditing
and consulting company based in Sydney, Australia. We provide internal
and external penetration testing, vulnerability auditing and wireless
site audits, vendor product assessments, secure network design,
forensics and risk mitigation services.
abacus.
On Mon, 11 May 2009 12:39:47 -0400 Dragos Ruiu <dr@kyx.net> wrote:
>On 11-May-09, at 7:29 AM, Juha-Matti Laurio wrote:
>
>> The oldest documented vulnerability in computer security world is
>> password file disclosure vulnerability from 1965, found by Mr. Ryan
>> Russell.
>>
the F-Prot AVES managed online e-mail security service filters away the
nuisance of spam e-mail as well as viruses, worms and other malware that
increasingly clog up inboxes and threaten data security.
By supporting a wide range of platforms FRISK Software protects computer
networks of all sizes, running on diverse platforms. As a result, FRISK
Software provides its customers with comprehensive computer security
solutions.
Description:
A remotely exploitable vulnerability has been found in the files'
Neil Kettle of Digit Security Ltd
About Digit Security Ltd
----------------------------------
Digit Security is a computer security consultancy based in the United
Kingdom, albeit with a slight difference. The company is a co-operatively
controlled entity comprised of professionals who are experts in their
respective fields. Thus, as a corollary, nearly everyone at Digit Security
is both a Consultant, Developer and a Director.
Hackito Ergo Sum conference will be held from April 8th to 10th 2010
in Paris, France.
It is part of the series of conference "Hacker Space Fest" taking
place since 2008 in France and all over Europe.
HES2010 will focus on hardcore computer security, insecurity,
vulnerability analysis, reverse engineering, research and hacking.
INTRO
The goal of this conference is to promote security research, broaden
public awareness and create an open forum so that communication
[Snip]
** What is No cON Name 2007 **
This congress is thought for system and network administrators,
programmers, experts and/or security auditors, and also independent
self-taught computer security experts.
All of them with the same objective: to share and understand new and
different systems that actually form the world networks.
Their motivation is curiosity and the need to read again the information
discoveries about computer network hack attacks will be presented at
the seventh annual PacSec conference to be discussed.
The PacSec meeting provides an opportunity for foreign specialists to
be exposed to Japanese innovation and markets and collaborate on
practical solutions to computer security issues. In an informal
setting with a mixture of material bilingually translated in both
English and Japanese the eminent technologists can socialize and
attend training sessions.
Announcing the opportunity to submit papers for the PacSec 2009
12-Oct-2009 - Notified vendor. No response.
04-May-2011 - Disclosure.
Logic.
=====[ About Kryptos Logic
Kryptos Logic is a group of talented computer security experts
from around the globe that has coalesced into a highly effective
team. New ideas and derivatives of existing products are
constantly created. We provide a wide range of security products
ranging from binary analysis tools and security research kits to
anti-piracy and digital rights management software. We also
attack-related research to your peers in the industry and in the
academia, act now :-)
http://www.usenix.org/events/woot11/cfp/
Progress in the field of computer security is driven by a symbiotic
relationship between our understandings of attack and of defense. The
USENIX Workshop on Offensive Technologies (WOOT) aims to bring
together researchers and practitioners in systems security to present
research advancing the understanding of attacks on operating systems,
networks, and applications.
--- U21 category:
We don't take the age so seriously as it might sound but this category is
especially for young security researchers who are *not* working in a
professional sense yet, e.g. (full-time) students, or attending college,
technical school or just interested in computer security. We will also
accept submissions if you are a little bit older than 21 years.
Don't be shy if your idea is not groundbreaking or not the top
vulnerability discovered in the last 5 years. There's always room for
some extra hacking. :)
We want to encourage you to submit your *own* research.
--- U21 category:
We don't take the age so seriously as it might sound but this category is
especially for young security researchers who are *not* working in a
professional sense yet, e.g. (full-time) students, or attending college,
technical school or just interested in computer security. We will also
accept submissions if you are a little bit older than 21 years.
Don't be shy if your idea is not groundbreaking or not the top
vulnerability discovered in the last 5 years. There's always room for
some extra hacking and we'd be happy to provide a basis for
breakthroughs. :)
attacks will be presented at the ninth annual PacSec conference to be
discussed.
The PacSec meeting provides an opportunity for foreign specialists to be
exposed to Japanese innovation and markets and collaborate on practical
solutions to computer security issues. In an informal setting with a mixture
of material bilingually translated in both English and Japanese the eminent
technologists can socialize and attend training sessions.
Announcing the opportunity to submit papers for the PacSec 2011 network
security training conference. The conference will be held November 9/10th in
For more information on CVSS scoring, please see the Knowledge Base
Article, “Security Advisories Severity Rating” at
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Credits:
RSA would like to thank Tim Brown of Portcullis Computer Security Ltd for
reporting this issue.
Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com and click Products in the top navigation
I. Background
~~~~~~~~~~~~~
Quote: "Founded in 1991, with corporate offices in Europe, the US
and the UK, AVG is focused on providing home and business computer
users with the most comprehensive and proactive protection against
computer security threats.
With more than 80 million active users around the world, the AVG
family of security software products is distributed globally through
resellers and through the Web and supports all major operating
systems and platforms."
We'd like to thank Squiz for their exceptional response time in
responding to, and addressing, these issues.
available at http://www.usenix.org/woot09/cfpa
WOOT'09 aims to bring together researchers and practitioners in system
security to present research advancing the understanding of attacks on
operating systems, networks, and applications. WOOT seeks submissions
that reflect the state of the art in offensive computer security
technology--either surveying previously poorly known areas or presenting
entirely new attacks. We welcome papers on offensive technologies,
including but not limited to:
- Vulnerability research (software auditing, reverse engineering)