network security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
SecureWorks Security Advisory SWRX-2009-002
McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory Information
Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory ID: SWRX-2009-002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
SecureWorks Security Advisory SWRX-2009-001
McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory Information
Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory ID: SWRX-2009-001
***********************************************************************
CALL FOR PRESENTATIONS
***********************************************************************
LACSEC 2012
7th Network Security Event for Latin America and the Caribbean
May 6-11, 2012, Quito, Ecuador
http://lacnic.net/en/eventos/lacnicxvii/
LACNIC (http://www.lacnic.net) is the international organization based
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure Access Control Lists (iACLs)
are a network security best practice and should be considered as a
long-term addition to good network security as well as a workaround
for these specific vulnerabilities. The iACL example below should be
included as part of the deployed infrastructure access-list which
will protect all devices with IP addresses in the infrastructure IP
address range:
9:15 Keynote: Manuel Costa, Microsoft Research
10:15 Coffee Break
10:45 Session: Network Security I
Protecting against DNS reflection attacks with Bloom filters
Sebastiano Di Paola, Dario Lombardo
Effective Network Vulnerability Assessment through Model Abstraction
***********************************************************************
CALL FOR PRESENTATIONS
***********************************************************************
LACSEC 2011
6th Network Security Event for Latin America and the Caribbean
May 17-20, 2011, Cancun, Mexico
http://lacnic.net/en/eventos/lacnicxv/index.html
LACNIC (http://www.lacnic.net) is the international organization based
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
eEye Digital Security (CVE-2007-5331)
shirkdog (CVE-2007-5332)
*** TOPICS ***
Topics are encouraged, but not limited to:
- Intelligent Data Mining for Network Security: Intrusion Detection Systems,
Log Correlation Methods, Adaptive Defense of Network Infrastructures.
- Learning Methods for Text Mining in Intelligence and Security:
Document Classification and Processing, Ontologies and Conceptual
Information
Internet Explorer 7 silently fixed the vulnerability roughly ten months
ago, due to a change in URLMON.DLL's behavior when reading compressed
content.
Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Blink Endpoint Vulnerability Prevention preemptively protects from this
vulnerability.
Vendor Status:
| They ignore the emails to abuse@google.com)
|
|
| --
| Michael Scheidell, CTO
| >|SECNAP Network Security
| Winner 2008 Network Products Guide Hot Companies
| FreeBSD SpamAssassin Ports maintainer
|
| _________________________________________________________________________
| This email has been scanned and certified safe by SpammerTrap(r).
Protection:
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
Computer Associates released patches for these vulnerabilities. These
patches are available here:
so
briefly- delivery content.
* Target speech level: To classify as: newbie
(rookie)/intermediate/advanced/expert.
* Required skills: Specify required skills of attendants.
* Topic: General topic to which the speech belongs to (Network Security,
Forensic, Secure Programming, 0day attacks, Wireless Security, etc).
* Author/s's Phone number.
* Author/s's home address.
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure Access Control Lists (iACLs)
are a network security best practice and should be considered as a
long-term addition to good network security as well as a workaround
for these specific vulnerabilities. The iACL example below should be
included as part of the deployed infrastructure access-list which
will protect all devices with IP addresses in the infrastructure IP
address range:
Mobility and Security that will be held from 7 to 10 May 2012 in
Istanbul, Turkey.
NTMS'2012 aims at fostering advances in the areas of New Technologies,
Wireless Networks, Mobile Computing, Ad hoc and Ambient Networks, QoS,
Network Security and E-commerce, to mention a few, and provides a
dynamic forum for researchers, students and professionals to present
their state-of-the-art research and development in these interesting
areas.
The event will be combined with tutorial sessions and workshops.
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure Access Control Lists (iACLs)
are a network security best practice and should be considered as a
long-term addition to good network security as well as a workaround
for these specific vulnerabilities. The iACL example below should be
included as part of the deployed infrastructure access-list which
will protect all devices with IP addresses in the infrastructure IP
address range:
======================================================================
Secunia Research 20/01/2009
- Trend Micro Network Security Component Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
either be securely firewalled or better still isolated, or otherwise
protected using approved IT security methodology. Citect has previously
published security recommendations in a whitepaper located on our
website at
http://www.citect.com/documents/whitepapers/SCADA%20Security%20Whitepaper.pdf
"SECURING AN INTEGRATED SCADA SYSTEM - Network Security & SCADA Systems
Whitepaper". The vendor also indicates that "copies of the security
alert report appear to have been circulated before the advised date of
publication, contrary to the undertaking given to Citect."
. 2008-06-04:
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure ACLs (iACLs) are a network
security best practice and should be considered as a long-term
addition to good network security as well as a workaround for this
specific vulnerability. The iACL example below should be included as
part of the deployed infrastructure access-list, which will help
protect all devices with IP addresses in the infrastructure IP
address range:
• Security Policy Implementation & Compliance
• Botnet Detection and Prevention
• Information Security Risk Management
• Economics of Information Security
• Computer & Network Forensics
• Network Security and Intrusion Detection
• Computer Crime and Digital Forensics
• Security in the Cloud / Distributed Systems
• Forensic Accounting and Fraud Detection
• Curriculum Development in Information Security
• Digital Rights Management
They ignore the emails to abuse@google.com)
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
* Peer to Peer Data Management
* New Novel Mechanism and Application for Ubi/Cloud Computing
Information Security:
* Trust, Privacy and Data Security
* Network Security Issues and Protocols
* Security Challenges and Content Authoring
* Cryptography
* Secure Communications
* Authentication Techniques
* Chaos-based Data Security
Topics of interest include, but are not limited to the following:
* New Attack and Defense Techniques
* Reverse Code Engineering
* Network Security
* Forensics and Incident Response
* WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
* Cryptography
* Hardware Hacking
* Malware Analysis
* Infrastructure Access Control Lists
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic
at the border of networks. Infrastructure Access Control Lists
(iACLs) are a network security best practice and should be
considered as a long-term addition to good network security as
well as a workaround for these specific vulnerabilities. The iACL
example below should be included as part of the deployed
infrastructure access-list which will protect all devices with IP
addresses in the infrastructure IP address range:
> | | They ignore the emails to abuse@google.com)
> | |
> | |
> | | --
> | | Michael Scheidell, CTO
> | | >|SECNAP Network Security
> | | Winner 2008 Network Products Guide Hot Companies
> | | FreeBSD SpamAssassin Ports maintainer
> | |
> | | _________________________________________________________________________
> | | This email has been scanned and certified safe by SpammerTrap(r).
This is a reminder that online registration for HITBSecConf2008 -
Malaysia, the largest network security conference in Asia and the Middle
East, closes on the 24th of October - walk in registrations are still
accepted thereafter but prices increase to MYR1099. To book your seats
online, please register through:
http://conference.hitb.org/hitbsecconf2008kl/register/
27th & 28th October 2008
========================
Protection:
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
BitDefender has released an update mitigating this vulnerability in the
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409
Several vulnerabilities have been discovered in the Network Security
Service libraries. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2404
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Network Security
* Forensics and Anti-Forensics
* Mobile Communications Security and Vulnerabilities
Because of the size of the copy, an access violation is inevitable, but
in programs (such as Microsoft Office applications) that attempt to
handle the exception, successful exploitation has been demonstrated.
Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Blink Endpoint Vulnerability Prevention preemptively protects from this
vulnerability.
Vendor Status:
in the neighborhood.
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________