Items Tagged with "Vulnerabilities"


201d6e4b7cd0350a1a9ef6e856e28341

What's More Important - Vulnerabilities or Actual Incidents?

February 13, 2012 Added by:Joe Weiss

To at least some of us in the control systems community these vulnerabilities are not unexpected. The fact that many of these systems are also connected to the Internet as Eireann Leverett demonstrated is also not new, even though the numbers of control system connected to the Internet are striking.

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Will the Real IT Security Researcher Please Stand Up?

February 12, 2012 Added by:Rafal Los

Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?

Comments  (2)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 11, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Did the 2006 Symantec Breach Expose RSA's SecurID?

February 10, 2012 Added by:Kevin McAleavey

The Symantec leak could pose a risk to RSA's SecurID. Examination of the source code for PCAnywhere turned up something disturbing - numerous header files and several libraries belonging to RSA, and SecurID code is part of the exposed PCAnywhere product source code...

Comments  (23)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech BroadWin WebAccess Vulnerabilities

February 10, 2012 Added by:Headlines

ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...

Comments  (0)

Ca77c9128684f4263450c6d728107608

Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by:Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware HMI XSS Vulnerabilities

February 09, 2012 Added by:Headlines

Researchers Billy Rios and Terry McCorkle have identified cross-site scripting (XSS) and write access violation vulnerabilities in the Invensys Wonderware HMI reports product that could result in data leakage, denial of service, or remote code execution...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Punzenberger COPA-DATA HMI Vulnerabilities

February 08, 2012 Added by:Headlines

Researcher Kuang-Chun Hung has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system which may allow an attacker to execute a DoS attack and potentially execute arbitrary code...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 2

February 07, 2012 Added by:Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...

Comments  (0)

D03c28fd5a80c394905c980ee1ecdc88

Gaining Access to a Check Point Appliance

February 07, 2012 Added by:Bill Mathews

On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...

Comments  (0)

637466d18cc35f545740244d707c0482

Achieving Network Security

February 07, 2012 Added by:Kevin Somppi

Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Hacking Satellite Communications

February 06, 2012 Added by:Pierluigi Paganini

We must consider that compromised satellites are a serious risk, that the exposure could affect communications in the business and military sectors, and could also cause the loss of sensitive and strategic technological information...

Comments  (1)

68b48711426f3b082ab24e5746a66b36

A Conversation With Richard Clarke – Part II

February 04, 2012 Added by:Fergal Glynn

Chris Wysopal and cyber security expert Richard Clarke continue their discussion on the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience...

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

System Compromise: What the Heck is a FeeLCoMz String?

February 03, 2012 Added by:Brent Huston

If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT Monthly Monitor for January 2012

February 02, 2012

The ICS-CERT Monthly Monitor offers a means of promoting preparedness, information sharing, and collaboration with the 18 critical infrastructure/key resource sectors and through sector briefings, meetings, conferences, and information product releases...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Four Reasons to Use a Vulnerability Scanner

February 01, 2012 Added by:Dan Dieterle

A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use scanners to hunt for ways to compromise your systems...

Comments  (0)

Page « < 14 - 15 - 16 - 17 - 18 > »