computer systems
your sites, etc. (Wow!!).
Opera Unite comes bundled with a bunch of standard services such as Fridge
(Notes), The Lounge (chatroom), etc. It is important to understand that
these services have two distinct views. One view is of the Service Owner,
who installs, customizes and runs these services on his or her computer. The
service owner and the computer running these services have associated
identifiers. By default, computer name is "home". So, your administrative
homepage is http://admin.home.uid.operaunite.com/. Remember that even though
the protocol of communication looks like http, it is not. Opera relays all
traffic using a proprietary ucp protocol (encrypted) to asd.opera.com and
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-052
August 7, 2009
-- Affected Vendors:
Computer Associates
-- Affected Products:
Computer Associates Unicenter Software Delivery
-- TippingPoint(TM) IPS Customer Protection:
From: Scotty [mailto:scott.nielsen@usu.edu]
Sent: Monday, July 27, 2009 4:35 PM
To: McDonnell, Michael
Cc: Choon Ming; bugtraq@securityfocus.com;
full-disclosure-bounces@lists.grok.org.uk
Subject: Re: computer crime statistics
Try the Verizon Business Data Breach investigations report. I think it
has some statistics you are looking for.
http://www.verizonbusiness.com/products/security/risk/databreach/
-----Original Message-----
From: Scotty [mailto:scott.nielsen@usu.edu]
Sent: Monday, July 27, 2009 2:35 PM
To: McDonnell, Michael
Cc: Choon Ming; bugtraq@securityfocus.com; full-disclosure-bounces@lists.grok.org.uk
Subject: Re: computer crime statistics
Try the Verizon Business Data Breach investigations report. I think it
has some statistics you are looking for.
http://www.verizonbusiness.com/products/security/risk/databreach/
Apologies if you receive multiple copies of this message.
5th European Conference on Computer Network Defence (EC2ND)
12-13 November 2009, Politecnico di Milano, Milano, Italy
http://2009.ec2nd.org/
*** Call for Papers ***
The 5th European Conference on Computer Network Defence
will take place in November 2009 at the Politecnico di Milano technical
Apologies for cross-posting.
==============================================
5th European Conference on Computer Network Defence (EC2ND)
12-13 November 2009, Politecnico di Milano, Milano, Italy
http://2009.ec2nd.org/
*** Call for Papers ***
Dear all,
the deadline for the submission of papers has been extended.
Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series and be available in the IEEE online Digital Library.
Please excuse possible cross-postings.
========================================================================
Call for Papers: ACM CCS WORKSHOPS
co-located with the
16th ACM Conference on Computer and Communications Security (CCS)
2009
Nov. 9, 2009 - Nov. 13, 2009 -- Chicago, IL, USA
http://www.sigsac.org/ccs/CCS2009/
======================================================================
Call for Papers:
16th ACM Conference on Computer and Communications Security (CCS) 2009
Nov 9 - 13, 2009: Hyatt Regency Chicago, IL, USA
http://sigsac.org/ccs/CCS2009
======================================================================
Important Dates:
do not have to be given an account on the machine for them to shut it
down.
This is helpful when an admin can not get to a machine that has to be
gracefully shutdown because of an impending power outage or
thunderstorms. This can be a home computer, a computer in a dorm
room, a server in a hosting environment etc.
This is also very helpful in a kiosk environment where no one at the
place can be trusted with usernames and passwords to the computer.
-- CVE ID:
CVE-2008-2541
-- Affected Vendors:
Computer Associates
-- Affected Products:
Computer Associates eTrust Secure Content Manager
-- TippingPoint(TM) IPS Customer Protection:
-- CVE ID:
CVE-2008-2541
-- Affected Vendors:
Computer Associates
-- Affected Products:
Computer Associates eTrust Secure Content Manager
-- Vulnerability Details:
the primary function of collecting data and providing an interface to
control equipment such as Programmable Logic Controllers (PLCs), Remote
Terminal Units (RTUs) etc. with an integrated Human Machine Interface
(HMI) / SCADA solution to deliver a scalable and reliable control and
monitoring system. The system is composed of software installed on
standard computer equipment running on commercial-off-the-shelf Microsoft
Windows operating systems.
A vulnerability was found in CitectSCADA that could allow a remote
un-authenticated attacker to force an abnormal termination of the
vulnerable software (Denial of Service) or to execute arbitrary code on
Found on: Tuesday May 6, 2008
Discovered by: fRoGGz [SecuBox Labs]
-===[ Background ]============================================-
The Returnil Virtual System is a powerful virtualization
technology that completely mirrors your actual computer
setup. The RVS provides an altogether different and highly
complementary level of defense. It's designed to protect
your computer from all types of software, downloads,
websites that might harbor viruses, spyware and other
malicious programs. Returnil virtualization technology
-- CVE ID:
CVE-2008-2241
-- Affected Vendors:
Computer Associates
-- Affected Products:
Computer Associates BrightStor ARCserve Server
-- TippingPoint(TM) IPS Customer Protection:
[ Our apologies in advance if you receive this call for papers more than
once! ]
CALL FOR PAPERS:
1st Workshop on Open Source Software for Computer and Network Forensics
(OSSCoNF)
We are currently inviting the submission of full papers to the 1st Workshop
on Open Source Software for Computer and Network Forensics (OSSCoNF),
which will be held in conjunction with OSS2008, the Fourth International
Recently, David Litchfield asked me to help him out a bit with a research project he was working on by having me set up a network capture in my DMZ to log SQL Slammer attacks. I don't publish any services here at my Santa Cruz facility (meaning there are no required inbound protocols and no references in DNS anywhere) so I figured it would be a nice "quiet" circuit to use for testing. I basically port-forwarded UDP 1434 to a laptop in my DMZ running NetMon3 also filtering for UDP 1434. After about 4 days of running NetMon, I had captured almost 30 (verified) random SQL Slammer attacks. What I found interesting was that every single one of them was sourced in China (all from different addresses).
Now, it's not my intent to start some geopolitical debate here, but I've long heard about how some people would block entire countries at the border in order to obviate issues with malicious traffic. There are obviously some issues with this (both from a technical and potential customer standpoint) so I set out to do a bit of research on my own. First thing I found out was that if one does decide to block entire countries, it's going to be a bit of work from a rule standpoint. Sure, if I wanted to block all of China I could block APNIC, but that would block WAY more than I would want. So I set about finding a good resource for country-by-country IP ranges. Fortunately, Wade Alcorn, one of my colleagues at NGSSoftware, turned me on to one that seemed pretty decent (there are a few around, though). But finding the resource was just the beginning... The list I got included 234 countries, comprising almost 100,000 records of IP ranges.
Making a firewall rule to block China, for instance, would require entering in almost 600 IP ranges - so the "manual" route was clearly out. The thing is, I just didn't want to block countries without more research, so I needed a way to gather some statistics first. Enter ISA Server - as many of you know, I'm a big fan of ISA - it's a true enterprise security product with great scripting capabilities, so I set to work creating an automated method by which to create computer sets in ISA for each country. Basically, I created a SQL database and loaded all the records into it - I then wrote a little COM app to reach out and grab the data by countries, create the sets in ISA, and loop through the different ranges of IPs to add them to the set. It worked great.
This accomplished two things - one, I now have full detailed computer sets for each country to do with as I please. Secondly, I have an excellent way of producing detailed reports for traffic analysis in ISA - this was key. With data collection points set up at different places around the world, I was able to capture 3.1 million inbound connection attempts. The results were quite interesting. While China still led with connection attempts overall, it was interesting to see that Canada was a close second. However, while China's traffic consisted of SQL Slammer, HTTP, SMTP, probes for GhostProxy, etc, almost all of Canada's traffic was MESSENGER spam (UDP 1026,1027,1208). The world leader for HTTP was Brazil, strangely enough. Now, all of this will change based on who and where you are, and the types of services being offered. For example, I only got 5 SMTP connection attempts to my cable modem in a week, but my ISP in BM got hundreds of thousands (understandably) in the same time period. I'll whip up some cool reports for what I found and post them once I get some more data in from different collection points, but the valuable outcome of the project was the creation of these individual country-by-country Computer Sets for ISA.
Beforehand, I had no real way of easily and effectively reporting on traffic patterns by source country. Whether you can or can't block entire countries is your business, but at least this affords someone an easy way of doing research. You may not be able to (or even want to) block HTTP from China, but you very well may want to block SMTP - with ISA and computer sets, you can easily do this. Even if you don't block anything at all, you can use the sets to get rich reports of what kind of traffic you are getting from a particular country. While the validity of the practice of blocking entire countries (or particular protocols for that matter) may be up for debate, you now at least have the option to make your own decision based on factual information - to be sure, you've always been able to do this obviously, it's just been my experience that maintaining rule lists by country/protocol has been quite difficult and time consuming.
I've exported every country's entire list to ISA 2006 .XML format, and have posted them on the HoG site for community use. Since I've automated the Set creation process, I'll be updating the sets each month or so to ensure that changes are processed correctly. I would like to thank NGSSoftware for purchasing the required business services to receive the updates - their donation makes it possible for me to give you updated sets for free.
submitting a gadget seem to be a Windows Live ID:
Unverified submission.
Only install applications from developers you trust. This is a third-party
application, and it could access your computer's files, show you
objectionable content, or change its behavior at any time.
and you've got things there like:
http://gallery.live.com/liveItemDetail.aspx?li=8214ecc3-bf7e-4502-9702-9cf7cfe8aa99&bt=1&pl=1
** What is No cON Name 2007 **
This congress is intended for system and network administrators,
programmers, experts and/or security auditors, and also independent
self-taught computer security experts.
All of them with the same objective: to share and understand new and
different systems that actually form the world networks.
Their motivation is curiosity and the need to read again the information
Of course you do, I can't blame you or your company. But let's be serious
here for a moment, wishing that you're the queen of England doesn't make
it so.
> Forensic examiners will inevitably come across corrupted data on target systems from time to time; and in standard computer forensics training, including classes offered by Guidance Software, examiners are trained to account for such issues. In addition, while Guidance Software maintains a robust in-house quality assurance process and strives to make our software as stable as possible, no software is completely crash-proof and there will always be anomalies, particularly involving extreme scenarios of corrupted target data.
Did you really just turn the shoddiness of your application into a
training opportunity?
Original URL:
http://securityreason.com/achievement_securityalert/81
- --- 0.Description ---
Mac OS is the trademarked name for a series of graphical user interface-based operating systems developed by Apple Inc. (formerly Apple Computer, Inc.) for their Macintosh line of computer systems. The Macintosh user experience is credited with popularizing the graphical user interface. The original form of what Apple would later name the "Mac OS" was the integral and unnamed system software first introduced in 1984 with the original Macintosh, usually referred to simply as the System software.
- --- 1. MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ---
The main problem exists in the dtoa implementation. MacOS X has the same dtoa as OpenBSD, NetBSD etc. This problem affects not only libc/gdtoa. The strtod(3) function is also affected.
For more information, please see SREASONRES:20090625.
8.1. *URLMON sniffing vulnerability*
In CoreLabs Security Advisory CORE-2008-0826 [2] a vulnerability that
allowed attackers to gain access to any file on the local filesystem of
a computer running vulnerable versions of Internet Explorer was
disclosed. During the vulnerability reporting process Core provided
Proof-of-Concept code to the vendor that successfully exploited the bug
on Internet Explorer 8 which at the time was deemed not vulnerable by
Microsoft because the bug had been patched prior to RTM. Upon further
investigation, the vendor determined that the proof-of-concept provided
July 9, 2010
--------------------------------------------------------------
EC2ND 2010
6th European Conference on Computer Network Defense
28-29 October 2010, Berlin, Germany
http://2010.ec2nd.org
Final Call for Papers
the two sessions so that when I logged out of the phone based session to
m.facebook.com, I was also logged out of my web based session as well.
Even more interesting is that trying to login to facebook on two
separate browser sessions won't work. I.e. if I login to facebook on one
computer, and then login again on another computer, or on the same
computer in a different browser (i.e. firefox for one session and i.e.
for another), then the first session is dropped, which is good.
However, having a web browser based session, and a phone browser based
session, doesn't seem to matter to facebook and I can have both open at