
security

Re: The New ISO Hacking Standard

standards? Also, once the ISO standard is defined, how will new open
source contributions be incorporated?


Pete Herzog wrote:
> The security community may be interested in this:
> 
> The New ISO Hacking Standard
> 
> New York, May 17, 2010 -- The world’s national standards bodies met
> again during April, this time in Malaka, Malaysia and they extended

[security bulletin] HPSBST02344 SSRT080087 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.


"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

©Copyright 2008 Hewlett-Packard Development Company, L.P. 

[security bulletin] HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013

TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 

©Copyright 2008 Hewlett-Packard Development Company, L.P. 

[security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

©Copyright 2007 Hewlett-Packard Development Company, L.P. 

Office arbitrary ClickOnce application execution vulnerability

- CVE-2012-0013 [2]
- MS12-005 [3] Vulnerability in Microsoft Windows Could Allow Remote
Code Execution (2584146)
- KB2584146 [4] MS12-005: Vulnerability in Microsoft Windows could allow
 remote code execution: January 10, 2012
- SSD: [5] SecuriTeam Secure Disclosure program

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Office 2007 SP2 running on both

[security bulletin] HPSBST02394 SSRT080183 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-070 to MS08-077

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

©Copyright 2008 Hewlett-Packard Development Company, L.P. 

[security bulletin] HPSBMA02201 SSRT071328 rev.1 - HP LoadRunner Agent on Windows, Remote Unauthenticated Arbitrary Code Execution

Acknowledgement: The Hewlett-Packard Company thanks Tenable Network Security along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com.

RESOLUTION

The vulnerability can be resolved by enabling the Secure Channel feature. This resolution requires installation of LoadRunner v9.50 or subsequent.

Note: Starting with version 9.50 LoadRunner has provided a documented feature called Secure Channel. Secure Channel prevents non-trusted sources from transmitting code to the Load Generators by establishing an encrypted and secured communication channel. Secure Channel is disabled by default.

There are detailed instructions regarding Secure Channel in the HP LoadRunner Controller User's Guide. See the chapter 'Secure Host Communication'. The chapter sections 'Local Security Configuration' and 'Remote Security Configuration' have instructions to enforce secure communication using the Secure Channel feature. Using Secure Channel involves both enabling the Secure Channel feature and setting the security key.


Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Cisco Security Advisory: 
Cisco IOS Secure Copy Authorization Bypass Vulnerability

Advisory ID: cisco-sa-20070808-scp

http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml


VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0016
Synopsis:          VMware vCenter and ESX update release and vMA patch
                   release address multiple security issue in third
                   party components

Cisco Security Advisory: Cisco Security Manager Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Security Manager Vulnerability

Advisory ID: cisco-sa-20090121-csm

http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml

Revision 1.0

[security bulletin] HPSBST02386 SSRT080164 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-067 to MS08-069

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 
©Copyright 2008 Hewlett-Packard Development Company, L.P. 

[security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

©Copyright 2008 Hewlett-Packard Development Company, L.P. 

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

  * Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
  * ASDM (HTTPS) Management Sessions
  * Cut-Through Proxy for Network Access
  * TLS Proxy for Encrypted Voice Inspection
  * IP Security (IPsec) Remote Access and Site-to-site VPNs
  * Secure Shell (SSH) Access

This vulnerability is documented in Cisco Bug ID CSCsj25896 and has
been assigned the Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-3817.


[security bulletin] HPSBST02397 SSRT080187 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-078

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 
©Copyright 2008 Hewlett-Packard Development Company, L.P. 

Call For Papers - ACM CCS 2009 Workshops

========================================================================
Workshop on Secure Execution of Untrusted Code (SecuCode 2009)
http://www.docomoeurolabs.de/secucode

The workshop aims at bringing together researchers and practitioners
from industry and academia working on the protection of software
systems against untrusted code. Untrusted applications should only

[security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01633084
Version: 1

HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-04-20
Last Updated: 2009-04-20

[security bulletin] HPSBMA02528 SSRT100106 rev.1 - HP Performance Center Agent on Windows, Remote Unauthenticated Arbitrary Code Execution

Acknowledgment: The Hewlett-Packard Company thanks Tenable Network Security along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com.

RESOLUTION

The vulnerability can be resolved by enabling the Secure Channel feature. This resolution requires installation of HP Performance Center v9.50 or subsequent.

Note: Starting with version 9.50 HP Performance Center has provided a documented feature called Secure Communication. Secure Communication prevents non-trusted sources from transmitting code to the Load Generators by establishing an encrypted and secured communication channel. Secure Communication is disabled by default.

There are detailed instructions regarding Secure Communication in the HP Performance Center System Configuration and Installation Guide. See the 'Configuration' chapter, 'Recommended Configuration' section. The chapter section 'Configuring Host Security Settings.' has instructions to enforce Secure Communication. Using Secure Communication involves both enabling 'enforce secure communication' and setting the security key.


[security bulletin] HPSBST02372 SSRT080133 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-052 to MS08-055

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 
©Copyright 2008 Hewlett-Packard Development Company, L.P. 

[security bulletin] HPSBST02336 SSRT080071 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 
©Copyright 2008 Hewlett-Packard Development Company, L.P. 

[security bulletin] HPSBST02260 SSRT071471 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-051 to MS07-054

UX = HP-UX
VV = HP VirtualVault
 


©Copyright 2007 Hewlett-Packard Development Company, L.P. 

[CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities

[http://www.openbsd.org/advisories/res_random.txt]
[4] Sacramento, Vagner, "Vulnerability in the sending requests control
of Bind versions 4 and 8 allows DNS spoofing", 2002.
[http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html]
[5] Stewart, Joe, "DNS Cache Poisoning - The Next Generation", 2002.
[http://www.secureworks.com/research/articles/dns-cache-poisoning]
[6] Klein, Amit, "BIND 9 DNS cache poisoning", 2007.
[http://www.trusteer.com/files/BIND_9_DNS_Cache_Poisoning.pdf]
[7] Klein, Amit, "Windows DNS Server cache poisoning", 2007.
[http://www.trusteer.com/files/Windows_DNS_Cache_Poisoning.pdf]
[8] Kaminsky, Dan, "Black Ops 2008: It's The End Of The Cache As We Know

HPSBST02350 SSRT080102 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040

TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 
©Copyright 2008 Hewlett-Packard Development Company, L.P. 

[security bulletin] HPSBST02320 SSRT080028 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-014 to MS08-017

TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 

©Copyright 2008 Hewlett-Packard Development Company, L.P. 

HPSBST02291 SSRT071498 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and MS07-062

TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 

©Copyright 2007 Hewlett-Packard Development Company, L.P. 

[UPDATE] NSOADV-2010-001: Panda Security Local Privilege Escalation

===========

Panda Security for <Product> is the security solution for companies that
need to protect their networks, mainly workstations and file servers.
Panda Security for Business is centrally managed thanks to the
AdminSecure Console, which allows monitoring the entire network,
protecting your critical assets against all types of threats and
optimizing productivity.

(Product description from Panda Website)


CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs

Multiple vulnerabilities in Google's Android SDK


*Advisory Information*

[CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection

Hash: SHA1

      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/

Cisco Secure Desktop XSS/JavaScript Injection



1. *Advisory Information*


Privacy, Security, Trust (PST 2011) - Call for Papers

  * Digital Rights Management
  * Operating Systems Security
  * Identity and Trust management
  * Intrusion Detection Technologies
  * PST and Cloud Computing
  * Secure Software Development and Architecture
  * Human Computer Interaction and PST
  * PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
  * Implications of, and Technologies for, Lawful Surveillance
  * Network Enabled Operations
  * Biometrics, National ID Cards, Identity Theft

Privacy, Security, Trust (PST 2011) - 2nd Call for Papers (Deadline: March 20)

  * Digital Rights Management
  * Operating Systems Security
  * Identity and Trust management
  * Intrusion Detection Technologies
  * PST and Cloud Computing
  * Secure Software Development and Architecture
  * Human Computer Interaction and PST
  * PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
  * Implications of, and Technologies for, Lawful Surveillance
  * Network Enabled Operations
  * Biometrics, National ID Cards, Identity Theft


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
