
research and development

Applicure dotDefender 4.0 administrative interface cross site scripting

Contact: "Sandro Gauci" <sandro@enablesecurity.com>

About EnableSecurity:

EnableSecurity is dedicated to providing high quality Information Security
Consultancy, Research and Development. EnableSecurity develops security tools
such as VOIPPACK (for Immunity CANVAS) and SIPVicious. EnableSecurity is
focused on analysis of security challenges and providing solutions to such
threats. EnableSecurity works on developing custom targeted security solutions,
as well as working with existing off the shelf security tools to provide the
best results for their customers. More info at enablesecurity.com

Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.

__________________________________________________________________

About EnableSecurity:

EnableSecurity is dedicated to providing high quality Information Security Consultancy, Research and Development. EnableSecurity develops security tools such as VOIPPACK (for Immunity CANVAS) and SIPVicious. EnableSecurity is focused on analysis of security challenges and providing solutions to such threats. EnableSecurity works on developing custom targeted security solutions, as well as working with existing off the shelf security tools to provide the best results for their customers. More info at enablesecurity.com


Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. 



Quick Heal Local Privilege Escalation Vulnerability

BACKGROUND

Quick Heal Technologies is leading provider of AntiVirus and Internet Security tools and is leader in Anti-Virus Technology in India. A privately held company, Quick Heal Technologies Pvt. Ltd. (formerly known as Cat Computer Services (P) Ltd.) was founded in 1993 and has been actively involved in Research and Development of anti-virus software since then. Quick Heal an award-winning anti-virus product is installed in corporate, small business and consumers' homes, protecting their PCs from viruses and other malicious threats.

Source: http://www.quickheal.co.in

VULNERABLE PRODUCTS


Cyber Warfare Conference: Agenda

Behavioral Analysis of Zombie Armies

Lt Col Forrest Hare, OSD, George Mason School of Public Policy
Borders in Cyberspace: Can Sovereignty Adapt to the Cyber Security Challenge?

Amit Sharma, Defence Research and Development Organization, Ministry
of Defence, Government of India
CYBER WARS: A paradigm shift from Means to End

Michael Ruiz, CTO, Net-Enabled Operations (NEOS), BearingPoint
Cyber Command and Control: A Current Concept for Future Doctrine

OpenX 2.6.4 multiple vulnerabilities

__________________________________________________________________

About EnableSecurity:

EnableSecurity is dedicated to providing high quality Information Security Consultancy, Research and Development. EnableSecurity develops security tools such as VOIPPACK (for Immunity CANVAS) and SIPVicious. EnableSecurity is focused on analysis of security challenges and providing solutions to such threats. EnableSecurity works on developing custom targeted security solutions, as well as working with existing off the shelf security tools to provide the best results for their customers. More info at enablesecurity.com

About Acunetix:
Acunetix Web Vulnerability Scanner is a tool designed to discover security holes in web applications that attackers could abuse to gain access to a business' systems and data. With Acunetix WVS websites can be regularly checked for vulnerabilities such as SQL injection and Cross Site Scripting. The scanner ships with many innovative features such as: AcuSensor Technology, automatic JavaScript analyzer, Visual macro recorders and extensive reporting facilities, which include various compliance reports.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. 

Malformed Acrobat Distiller 8 .joboptions

government. Our aim is to provide the best independent advice
and a high level of technical expertise while creating long and lasting
professional relationships with our clients.

Security-Assessment.com is committed to security research and development,
and its team continues to identify and responsibly publish vulnerabilities
in public and private software vendor's products. Members of the
Security-Assessment.com R&D team are globally recognised through their
release of whitepapers and presentations related to new security

ShmooCon 2009 CFP

your choice of 3-letter agencies.

The Shmoo Group actually does more than just ShmooCon. The Shmoo Group  
is comprised of security professionals from around the world who  
donate their time and energy towards information security research and  
development

TSG encourages speakers to present new and interesting projects for  
ShmooCon and will give preferential treatment to submissions that have  
not been presented at other conferences. Further, TSG invites any  
individual who has not spoken at a conference before to submit a talk  

Opera Stored Cross Site Scripting Vulnerability

a high level of technical expertise while creating long and lasting
professional relationships with our clients.

Security-Assessment.com is committed to security research and
development, and its team continues to identify and responsibly publish
vulnerabilities in public and private software vendor's products.
Members of the Security-Assessment.com R&D team are globally recognised

Shmoocon 2011 Call for Papers

December 15, 2010 – All notifications to speakers sent


--== ABOUT SHMOOCON AND THE SHMOO GROUP ==--

The Shmoo Group (TSG) is an independent think-tank of security professionals from around the world who donate their time and energy towards information security research and development.  Several years ago TSG had an idea.  This idea has grown into a community recognized annual security conference attended by over 1500 people. 

Our goal for ShmooCon is to educate, inform, and entertain the attendees. ShmooCon is primarily a security conference, but we encourage innovative and interesting submissions on offbeat technology topics.


--== WHO SHOULD SUBMIT ==--

Vuln name: Ruby rb_ary_fill() DOS

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company,
which provides consulting and training services, and engages in security
research and development.

We are committed to open, full disclosure of vulnerabilities, cooperating
with software developers for properly handling disclosure issues.

This advisory is copyright 2008 Secure Network S.r.l. Permission is

ToutVirtual VirtualIQ Multiple Vulnerabilities

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company, 
which provides consulting and training services, and engages in security 
research and development. 

We are committed to open, full disclosure of vulnerabilities, cooperating
whenever possible with software developers for properly handling disclosure.

This advisory is copyright 2009 Secure Network S.r.l. Permission is 

802.1X password exploit on many HTC Android devices

connects to existing Microsoft CA servers to extend automated
certificate issuance to non-domain devices, including iOS (iPhone,
iPad, iPod Touch), Android, Windows, Mac OS X, and Linux.

The Open1X Group
The Open1X Group is a strategic research and development group
established in 2001 to support the creation and adoption of secure
authentication systems over traditionally insecure network connection.

The Open1X Group performs active and ongoing research and analysis in
to the IEEE 802.1X protocol, the IETF EAP Methods, emerging

Simple PHP Blog Multiple Vulnerabilities

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company,
which provides consulting and training services, and engages in security
research and development.

We are committed to open, full disclosure of vulnerabilities, cooperating
with software developers for properly handling disclosure issues.

This advisory is copyright © 2007 Secure Network S.r.l. Permission is

Insufficient User Input Validation in VP-ASP 6.50 Demo Code

Discovered and advised to the vendor by CodeScan Labs

== About CodeScan Labs Ltd ==

CodeScan Labs is a specialist security research and development
organisation, that has developed the cornerstone application, CodeScan.
CodeScan Labs helps organisations secure their web services through the
automated scanning of the web application source code for security
vulnerabilities.  The CodeScan product is currently available for ASP, ASP.NET C#
and PHP

Plunet BusinessManager failure in access controls and multiple stored cross site scripting

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company, 
which provides consulting and training services, and engages in security 
research and development. 

We are committed to open, full disclosure of vulnerabilities, cooperating
whenever possible with software developers for properly handling disclosure.

This advisory is copyright 2008 Secure Network S.r.l. Permission is 

GCALDaemon Remote DoS

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company,
which provides consulting and training services, and engages in security
research and development.

We are committed to open, full disclosure of vulnerabilities, cooperating
with software developers for properly handling disclosure issues.

This advisory is copyright © 2007 Secure Network S.r.l. Permission is

Citrix XenCenterWeb Multiple Vulnerabilities

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company, 
which provides consulting and training services, and engages in security 
research and development. 

We are committed to open, full disclosure of vulnerabilities, cooperating
whenever possible with software developers for properly handling disclosure.

This advisory is copyright 2009 Secure Network S.r.l. Permission is 

Linksys WAP610N Unauthenticated Root Console

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company, 
which provides consulting and training services, and engages in security 
research and development. 

We are committed to open, full disclosure of vulnerabilities, cooperating
whenever possible with software developers for properly handling disclosure.

This advisory is copyright 2009 Secure Network S.r.l. Permission is 

Metasploit Framework v3.1 Released

announced today the free, world-wide availability of version 3.1 of
their exploit development and attack framework. The latest version
features a graphical user interface, full support for the Windows
platform, and over 450 modules, including 265 remote exploits. 

  "Metasploit 3.1 consolidates a year of research and development,
integrating ideas and code from some of the sharpest and most innovative
folks in the security research community" said H D Moore, project
manager. Moore is referring to the numerous research projects that have
lent code to the framework.


CORE-2009-0122: HP OpenView Buffer Overflows

. 2009-03-17: Core re-schedules advisory CORE-2009-0122 publication to
March 24 and asks the vendor the URL of their security bulletin when
available.
. 2009-03-17: Core asks the vendor to reschedule publication to March
23, because March 24 is a working holiday in Argentina, where Core's
research and development center is located.
. 2009-03-17: Vendor confirms March 23 as the new publication date.
. 2009-03-23: Vendor publishes the hot fix.
. 2009-03-23: Core publishes advisory CORE-2009-0122.



Plunet BusinessManager failure in access controls and multiple stored cross site scripting

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company, 
which provides consulting and training services, and engages in security 
research and development. 

We are committed to open, full disclosure of vulnerabilities, cooperating
whenever possible with software developers for properly handling disclosure.

This advisory is copyright 2008 Secure Network S.r.l. Permission is 

SugarCRM Community Edition Local File Disclosure Vulnerability

government. Our aim is to provide the very best independent advice and 
a high level of technical expertise while creating long and lasting 
professional relationships with our clients.

Security-Assessment.com is committed to security research and 
development, and its team continues to identify and responsibly publish 
vulnerabilities in public and private software vendor's products. 
Members of the Security-Assessment.com R&D team are globally recognised 
through their release of whitepapers and presentations related to new 
security research.


Malformed Acrobat Distiller 8 .joboptions

government. Our aim is to provide the best independent advice
and a high level of technical expertise while creating long and lasting
professional relationships with our clients.

Security-Assessment.com is committed to security research and development,
and its team continues to identify and responsibly publish vulnerabilities
in public and private software vendor's products. Members of the
Security-Assessment.com R&D team are globally recognised through their
release of whitepapers and presentations related to new security

Re: The New ISO Hacking Standard

> The OSSTMM is currently in its third revision and still in Beta,
> therefore only available to team members, select reviewers, and federal
> government agencies that require it for drafting policy. This third
> version is a complete re-write of the methodology and has at its
> foundation the ever-elusive security and trust metrics. It required 6
> years of research and development to produce the perfect operational
> security metric, an algorithm which computes the Attack Surface of
> anything. In essence, it is a numerical scale to show how unprotected
> and exposed something currently is. This number is the basis required
> for making a proper trust assessment, another feature of the OSSTMM 3 to
> do away with risk assessment in favor of a more factual metric using

Cart32 Arbitrary File Download Vulnerability

government. Our aim is to provide the very best independent advice and 
a high level of technical expertise while creating long and lasting 
professional relationships with our clients.

Security-Assessment.com is committed to security research and 
development, and its team continues to identify and responsibly publish 
vulnerabilities in public and private software vendor's products. 
Members of the Security-Assessment.com R&D team are globally recognised 
through their release of whitepapers and presentations related to new 
security research.


IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability

About IRM:

Information Risk Management Plc (IRM) is a vendor independent
information risk consultancy, founded in 1998. IRM has become a leader
in client side risk assessment, technical level auditing and in the
research and development of security vulnerabilities and tools. IRM is
headquartered in London with Technical Centres in Europe and Asia as
well as Regional Offices in the Far East and North America. Please visit
our website at www.irmplc.com for further information.

Disclaimer:

Boa (with Intersil Extensions) - HTTP Basic Authentication Bypass

*** LEGAL NOTICES ***
*********************

Secure Network (www.securenetwork.it) is an information security company,
which provides consulting and training services, and engages in security
research and development.

We are committed to open, full disclosure of vulnerabilities, cooperating
with software developers for properly handling disclosure issues.

This advisory is copyright © 2007 Secure Network S.r.l. Permission is

Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass

government. Our aim is to provide the very best independent advice and a
high level of technical expertise while creating long and lasting
professional relationships with our clients.

Security-Assessment.com is committed to security research and
development, and its team continues to identify and responsibly publish
vulnerabilities in public and private software vendor's products.
Members of the Security-Assessment.com R&D team are globally recognised
through their release of whitepapers and presentations related to new
security research.


[NTMS 2012] Call for Papers, Istanbul- Turkey, 7 - 10 May 2012

NTMS'2012 aims at fostering advances in the areas of New Technologies, 
Wireless Networks, Mobile Computing, Ad hoc and Ambient Networks, QoS,
Network Security and E-commerce, to mention a few, and provides a 
dynamic forum for researchers, students and professionals to present 
their state-of-the-art research and development in these interesting 
areas. 

The event will be combined with tutorial sessions and workshops. 
Tutorials will precede the main program, aiming at the dissemination of 
mature knowledge and technology advances in the field. Two or more 

The New ISO Hacking Standard

The OSSTMM is currently in its third revision and still in Beta, 
therefore only available to team members, select reviewers, and 
federal government agencies that require it for drafting policy. This 
third version is a complete re-write of the methodology and has at its 
foundation the ever-elusive security and trust metrics. It required 6 
years of research and development to produce the perfect operational 
security metric, an algorithm which computes the Attack Surface of 
anything. In essence, it is a numerical scale to show how unprotected 
and exposed something currently is. This number is the basis required 
for making a proper trust assessment, another feature of the OSSTMM 3 
to do away with risk assessment in favor of a more factual metric 
