Ad Hoc
* XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
* Cisco Discovery Protocol Remote Code Execution
* Ad Hoc Recording Denial of Service
* Java Remote Method Invocation (RMI) Denial of Service
* Unauthenticated XML-RPC Interface
http://www.ntms-conf.org
Technically Sponsored by IEEE, COMSOC and IFIP TC6
All accepted papers will be published in IEEE Xplore. The best papers
of the conference will be considered for publication in COMNET and ADHOC
NETWORKS journals.
Overview
--------
NTMS'2012 is the Fifth International Conference on New Technologies,
Mobility and Security that will be held from 7 to 10 May 2012 in
Istanbul, Turkey.
NTMS'2012 aims at fostering advances in the areas of New Technologies,
Wireless Networks, Mobile Computing, Ad hoc and Ambient Networks, QoS,
Network Security and E-commerce, to mention a few, and provides a
dynamic forum for researchers, students and professionals to present
their state-of-the-art research and development in these interesting
areas.
Cooperation
* Security in Multi Agent Systems
* Secure Collaborative Agents
* Using Multi Agent Systems for Security
* Security in Mobile and Wireless Networks
* Security of Ad Hoc and Sensor Networks
* Security in Peer to Peer Networks
* Security in Social Networks
Submission Instructions:
. 2011-05-06:
Oracle requests Core to hold the advisory publication until they have
patches available for all customers. Oracle states that they announce
security fixes on a pre-determined schedule, so users are prepared to
apply them. Adhoc publication of issues may not allow every customer to
monitor and apply patches in time, which increases their exposure.
. 2011-05-09:
Core notifies that the publication of security advisories is aimed at
explaining the problem to the vulnerable user community and providing
On Fri, Aug 08, 2008 at 02:08:37PM -0400, Perry E. Metzger wrote:
> The kerberos style of having credentials expire very quickly is one
> (somewhat less imperfect) way to deal with such things, but it is far
> from perfect and it could not be done for the ad-hoc certificate
> system https: depends on -- the infrastructure for refreshing all the
> world's certs every eight hours doesn't exist, and if it did imagine
> the chaos if it failed for a major CA one fine morning.
The PKIX moral equivalent of Kerberos V tickets would be OCSP Responses.
On Fri, Aug 08, 2008 at 12:35:43PM -0700, Paul Hoffman wrote:
> At 1:47 PM -0500 8/8/08, Nicolas Williams wrote:
> >On Fri, Aug 08, 2008 at 02:08:37PM -0400, Perry E. Metzger wrote:
> >> The kerberos style of having credentials expire very quickly is one
> >> (somewhat less imperfect) way to deal with such things, but it is far
> >> from perfect and it could not be done for the ad-hoc certificate
> >> system https: depends on -- the infrastructure for refreshing all the
> >> world's certs every eight hours doesn't exist, and if it did imagine
> >> the chaos if it failed for a major CA one fine morning.
> >
> >The PKIX moral equivalent of Kerberos V tickets would be OCSP Responses.
problem. It is too hard to "prove a negative" (that is, to prove to
yourself that no revocation exists.)
The kerberos style of having credentials expire very quickly is one
(somewhat less imperfect) way to deal with such things, but it is far
from perfect and it could not be done for the ad-hoc certificate
system https: depends on -- the infrastructure for refreshing all the
world's certs every eight hours doesn't exist, and if it did imagine
the chaos if it failed for a major CA one fine morning.
One also worries about what will happen in the UI when a certificate
At 1:47 PM -0500 8/8/08, Nicolas Williams wrote:
>On Fri, Aug 08, 2008 at 02:08:37PM -0400, Perry E. Metzger wrote:
>> The kerberos style of having credentials expire very quickly is one
>> (somewhat less imperfect) way to deal with such things, but it is far
>> from perfect and it could not be done for the ad-hoc certificate
>> system https: depends on -- the infrastructure for refreshing all the
>> world's certs every eight hours doesn't exist, and if it did imagine
>> the chaos if it failed for a major CA one fine morning.
>
>The PKIX moral equivalent of Kerberos V tickets would be OCSP Responses.
Some Ralinktech wireless card drivers suffer from an integer overflow. Sending a
malformed 802.11 Probe Request packet, with no regard to the victim's MAC\BSS\SSID, can lead to
remote code execution in kernel mode.
In order to exploit this issue, the attacker should send a Probe
Request packet with an SSID length bigger than 128 bytes (but less than 256) when the victim's card is in ADHOC mode.
The attacker does not need to be on the same network nor even know the MAC\BSS\SSID; he can just send it as a broadcast.
Tested on Ralink USB wireless adapter (RT73) V3.08 on win2k with the latest driver version.
Status: Unpatched, vulnerability reported to vendor.
OSes: Windows\Linux drivers.
PHP-Nuke ALL versions Search Module multiple XSS and HTML injection
-------------------------------------------------------------------
The well-known PHP-Nuke CMS is vulnerable to multiple XSS attacks and HTML injections through the Search Module.
The request is made using POST, but the whole process can be automated by creating an ad-hoc page to send to the victim with an auto-submitting form using POST as method and the vulnerable URL (http://vulnsite.com/modules.php?name=Search) as ACTION.
Both the XSS and the HTML injection work on IE 6/7 and Firefox (ALL versions), with every server and php.ini configuration.
You may use the following queries for testing.
4mpps is still big) is almost insignificant when compared with size of
attacks we have seen in the past. Very small in comparison.
I refuse to take a stand or offer an opinion (anymore) on if it was Russia
or not, I convey only what I can prove, which on that regard is absolutely
nothing except for the fact it was organized, ad-hoc or by an entity, you
can decide for yourself.
It is not my place to take sides or comment politically, DDoS hurts the
`net, no matter who is under attack, and that is why the Internet security
operations community and the CERTs community got involved, as well as
(Paris, 26-30 June 2009)
========================================================================
Hacker Space Festival 2009 | Call For Proposals | HSF2009
In 2008, we organized HSF[1] on the spot, as an ad-hoc meeting for
hackerspaces-related networks, technical and artistic research emerging
from them and social questioning arising from them. This sudden
experiment proved to be a huge success, as much as on the
self-organizing level as on the participants and meetings quality, as
well as the emotionally-charged ambient, the kind of which you make