Search:

Today was a big day w/ major VoIP vulns, and three bulletins from Microsoft. Most security companies are not responding.

No updates to Cisco IDS, they are too busy patching their own network. ...

http://data-recovery-software.net/Linux_Recovery.shtml

works well

check out even more problems with the same Symantec software @
"Slashdot | Symantec Says No To Pro-Gun Sites"


http://yro.slashdot.org/yro/03/11/02/1729239.shtml?tid=103&tid=153&tid=99

lol @ Symantec!

http://news.com.com/2100-7355_3-5099884.html?tag=nefd_top

Why Anomaly Based Intrusion Detection Systems are a Hax0rs Best Friend

This presentation was given at Summer DefCon 2003 in Las Vegas. The author has run one of the leading stand-alone anomaly...

Great news for ISS @ http://www.enterpriseitplanet.com/security/news/article.php/2246561

AlertCon was raised to level 3.

https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp

Some new news of this

"Mass-mailing worm Mimail-A all set to burrow across Atlantic"
@ http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=45601

The X-Force alert for this worm can be found @ http://xforce.iss.net/xforce/alerts/id/149

Internet Security Systems Security Alert
August 1, 2003

"Mimail" Mass-Email Worm Propagation

Synopsis:

ISS X-Force has detected the spread of a mass-emailing worm named
"Mimail". The...

"MS03-026 RPC Vulnerability" command-line scanning tool

X-Force just released a lightweight command-line tool to look for systems vulnerable to the RPC DCOM vulnerability. It's pretty nice because...

This is an advisory of a major flaw discovered on NetScreen firewall devices. You may publish it "as is".

The software vendor -- NetScreen Technologies --
was notified 3 weeks ago.
...

Nice post about how SecurityFocus tends to censor relative information.

http://www.issadvisor.com/viewtopic.php?t=205

Try windowsupdate.microsoft.com

A serious vulnerability exists within the WebDAV component of Microsoft Internet Information Services (IIS) Web server. WebDAV stands for "Web-based Distrbuted Authoring and Versioning". WebDAV...

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against...

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against...

HTML Code Injection and Cross-site scripting
http://www.issadvisor.com/viewtopic.php?t=174

Custom HTML Authentication: Best Practices on Securing Custom HTML Authentication Procedures...

just *some of the news on this

ISS finds root exploit in Sendmail
http://www.geek.com/news/geeknews/2003Mar/gee20030305018955.htm

Dangerous flaw found in popular e-mail software...

But it is going to take 20 minutes X ?10,000+? (snort's userbase) to ensure everyone is safe.

Synopsis:
ISS X-Force has discovered a remotely exploitable buffer overflow condition in Snort. Snort is an open source intrusion detection system. A buffer overflow flaw exists in Snort RPC...

Synopsis:
ISS X-Force has discovered a buffer overflow vulnerability in the Sendmail Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been documented to handle between 50% and 75%...

Who has the DeepSight Threat Management System?

I found three audio presentations that deal with SQL Injection. The first discusses the basics of how to test web applications for SQL injection vulnerabilities. The second goes into the specifics of...

And Symantec expects their customers to trust buying their products and managed services because they are experts?????

Symantec's Buy-Out Proposal Site Exposed Information (29 January 2003)
A...