Items Tagged with "Vulnerabilities"
February 14, 2012 Added by:Alan Woodward
CAPTCHAs. You've all had to use them at some point - those funny, distorted versions of a piece of text that only a human can decipher. I was shocked to learn that CAPTCHAs were being used in eBanking and could successfully be attacked nearly 100% of the time....
February 13, 2012 Added by:Joe Weiss
To at least some of us in the control systems community these vulnerabilities are not unexpected. The fact that many of these systems are also connected to the Internet as Eireann Leverett demonstrated is also not new, even though the numbers of control system connected to the Internet are striking.
February 12, 2012 Added by:Rafal Los
Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?
February 11, 2012 Added by:Brent Huston
Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...
February 10, 2012 Added by:Kevin McAleavey
The Symantec leak could pose a risk to RSA's SecurID. Examination of the source code for PCAnywhere turned up something disturbing - numerous header files and several libraries belonging to RSA, and SecurID code is part of the exposed PCAnywhere product source code...
February 10, 2012 Added by:Headlines
ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...
February 09, 2012 Added by:Damion Waltermeyer
I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...
February 09, 2012 Added by:Headlines
Researchers Billy Rios and Terry McCorkle have identified cross-site scripting (XSS) and write access violation vulnerabilities in the Invensys Wonderware HMI reports product that could result in data leakage, denial of service, or remote code execution...
February 08, 2012 Added by:Headlines
Researcher Kuang-Chun Hung has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system which may allow an attacker to execute a DoS attack and potentially execute arbitrary code...
February 07, 2012 Added by:Gary McCully
In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...
February 07, 2012 Added by:Bill Mathews
On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...
February 07, 2012 Added by:Kevin Somppi
Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...
February 06, 2012 Added by:Pierluigi Paganini
We must consider that compromised satellites are a serious risk, that the exposure could affect communications in the business and military sectors, and could also cause the loss of sensitive and strategic technological information...
February 04, 2012 Added by:Fergal Glynn
Chris Wysopal and cyber security expert Richard Clarke continue their discussion on the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience...
February 03, 2012 Added by:Brent Huston
If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...
February 02, 2012
The ICS-CERT Monthly Monitor offers a means of promoting preparedness, information sharing, and collaboration with the 18 critical infrastructure/key resource sectors and through sector briefings, meetings, conferences, and information product releases...