Network Security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
SecureWorks Security Advisory SWRX-2009-002
McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory Information
Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory ID: SWRX-2009-002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
SecureWorks Security Advisory SWRX-2009-001
McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory Information
Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory ID: SWRX-2009-001
***********************************************************************
CALL FOR PRESENTATIONS
***********************************************************************
LACSEC 2011
6th Network Security Event for Latin America and the Caribbean
May 17-20, 2011, Cancun, Mexico
http://lacnic.net/en/eventos/lacnicxv/index.html
LACNIC (http://www.lacnic.net) is the international organization based
9:15 Keynote: Manuel Costa, Microsoft Research
10:15 Coffee Break
10:45 Session: Network Security I
Protecting against DNS reflection attacks with Bloom filters
Sebastiano Di Paola, Dario Lombardo
Effective Network Vulnerability Assessment through Model Abstraction
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure Access Control Lists (iACLs)
are a network security best practice and should be considered as a
long-term addition to good network security as well as a workaround
for these specific vulnerabilities. The iACL example below should be
included as part of the deployed infrastructure access-list which
will protect all devices with IP addresses in the infrastructure IP
address range:
***********************************************************************
CALL FOR PRESENTATIONS
***********************************************************************
LACSEC 2012
7th Network Security Event for Latin America and the Caribbean
May 6-11, 2012, Quito, Ecuador
http://lacnic.net/en/eventos/lacnicxvii/
LACNIC (http://www.lacnic.net) is the international organization based
Systems, IPSec Quality of Service,
Knowledge Management, Embedded Systems, Defence Systems
2. Information Security
Collaborative Learning, Trust, Privacy and Data Security, Network
Security Issues and Protocols,
Security Challenges and Content Authoring, Cryptography, Secure
Communications, Authentication
Techniques, Chaos-based Data Security, MANET Security, Wireless Sensor
Network Security,
Organization Considerations in Security Policy Formulation and
| | They ignore the emails to abuse@google.com)
| |
| |
| | --
| | Michael Scheidell, CTO
| | >|SECNAP Network Security
| | Winner 2008 Network Products Guide Hot Companies
| | FreeBSD SpamAssassin Ports maintainer
| |
| | _________________________________________________________________________
| | This email has been scanned and certified safe by SpammerTrap(r).
* Short description of the speech: One or two paragraphs explaining -not so
briefly- delivery content.
* Target speech level: To classify as: newbie
(rookie)/intermediate/advanced/expert.
* Required skills: Specify required skills of attendants.
* Topic: General topic to which the speech belongs to (Network Security,
Forensic, Secure Programming, 0day attacks, Wireless Security, etc).
* Author/s's Phone number.
* Author/s's home address.
*Deliverers expenses*
> | | They ignore the emails to abuse@google.com)
> | |
> | |
> | | --
> | | Michael Scheidell, CTO
> | | >|SECNAP Network Security
> | | Winner 2008 Network Products Guide Hot Companies
> | | FreeBSD SpamAssassin Ports maintainer
> | |
> | | _________________________________________________________________________
> | | This email has been scanned and certified safe by SpammerTrap(r).
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
eEye Digital Security (CVE-2007-5331)
shirkdog (CVE-2007-5332)
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Network Security
* Forensics and Anti-Forensics
* Mobile Communications Security and Vulnerabilities
* CSIRTs, Incident Analysis and Response
* Peer to Peer Data Management
* New Novel Mechanism and Application for Ubi/Cloud Computing
Information Security:
* Trust, Privacy and Data Security
* Network Security Issues and Protocols
* Security Challenges and Content Authoring
* Cryptography
* Secure Communications
* Authentication Techniques
* Chaos-based Data Security
in the neighborhood.
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
either be securely firewalled or better still isolated, or otherwise
protected using approved IT security methodology. Citect has previously
published security recommendations in a whitepaper located on our
website at
http://www.citect.com/documents/whitepapers/SCADA%20Security%20Whitepaper.pdf
"SECURING AN INTEGRATED SCADA SYSTEM - Network Security & SCADA Systems
Whitepaper". The vendor also indicates that "copies of the security
alert report appear to have been circulated before the advised date of
publication, contrary to the undertaking given to Citect."
. 2008-06-04:
so
briefly- delivery content.
* Target speech level: To classify as: newbie
(rookie)/intermediate/advanced/expert.
* Required skills: Specify required skills of attendants.
* Topic: General topic to which the speech belongs to (Network Security,
Forensic, Secure Programming, 0day attacks, Wireless Security, etc).
* Author/s's Phone number.
* Author/s's home address.
Protection:
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
BitDefender has released an update mitigating this vulnerability in the
Protection:
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
libFLAC version 1.2.1 was released in September, 2007, fixing these
Mobility and Security that will be held from 7 to 10 May 2012 in
Istanbul, Turkey.
NTMS'2012 aims at fostering advances in the areas of New Technologies,
Wireless Networks, Mobile Computing, Ad hoc and Ambient Networks, QoS,
Network Security and E-commerce, to mention a few, and provides a
dynamic forum for researchers, students and professionals to present
their state-of-the-art research and development in these interesting
areas.
The event will be combined with tutorial sessions and workshops.
Protection:
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
Computer Associates released patches for these vulnerabilities. These
patches are available here:
======================================================================
Secunia Research 20/01/2009
- Trend Micro Network Security Component Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
• Stealing Reality (malicious application of Reality Mining)
• Identity theft in social networks
• Collaborative detection of distributed network attacks
• Peer-to-peer based security mechanisms
• Trust and reputation in social networks
• Socially inspired network security architectures
• Socially aware network security protocols
• Security configuration based on social contexts groups (social-firewall, authentication protocols, etc.)
• Configuring security protocol parameters based on social information
• Privacy-preserving methods for data access and data mining.
Topics of interest include, but are not limited to the following:
* New Attack and Defense Techniques
* Reverse Code Engineering
* Network Security
* Forensics and Incident Response
* WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
* Cryptography
* Hardware Hacking
* Malware Analysis
Internet Explorer 7 silently fixed the vulnerability roughly ten months
ago, due to a change in URLMON.DLL's behavior when reading compressed
content.
Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Blink Endpoint Vulnerability Prevention preemptively protects from this
vulnerability.
Vendor Status:
Protection:
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
Computer Associates released patches for these vulnerabilities. These
patches are available here:
• Security Policy Implementation & Compliance
• Botnet Detection and Prevention
• Information Security Risk Management
• Economics of Information Security
• Computer & Network Forensics
• Network Security and Intrusion Detection
• Computer Crime and Digital Forensics
• Security in the Cloud / Distributed Systems
• Forensic Accounting and Fraud Detection
• Curriculum Development in Information Security
• Digital Rights Management
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
| They ignore the emails to abuse@google.com)
|
|
| --
| Michael Scheidell, CTO
| >|SECNAP Network Security
| Winner 2008 Network Products Guide Hot Companies
| FreeBSD SpamAssassin Ports maintainer
|
| _________________________________________________________________________
| This email has been scanned and certified safe by SpammerTrap(r).
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Network Security
* Forensics and Anti-Forensics
* Mobile Communications Security and Vulnerabilities