Guide to the TechWeb Network
DATE: September 18, 2008
LIVE EVENT: ATCA, AMC & MicroTCA
LOCATION: The Westin Waltham Boston, ...
More Information
Home > Blogs
Blogs
Snake Bytes
 BY RSNAKE
Token Security Is Just That
 AUGUST 19, 2008
 3:55 PM -- Eight reasons why federated token-based authentication for consumers doesn't make sense
Weaponizing Google Gadgets
The Dangers of Downloads
The Case for Outbound Filtering
Herding Worms
Evil Bits
 BY JOHN SAWYER
Samurai Penetration Testing
 AUGUST 18, 2008
 5:05 PM -- New Samurai CD could be a boon to Web application developers who need to test security
Don't Lie to Your Kids
Sharing the Workload With Collaborative Security
Naval Postgraduate School Wins Hacking Contest
New Fixes for Security Tool Junkies
I Shadow
 BY KELLY JACKSON HIGGINS
Defcon Demystified
 AUGUST 15, 2008
 4:45 PM -- Defcon's emphasis on hands-on hacking and its hardcore hacker culture set it apart
Hackers Honor Their Own - Sort Of
Black Hats & Cold War
San Fran Insider Threat Gone Wild
Full Disclosure Watchdog
CS Island
 BY CSI STAFF
It's Not the Tech, It's Ourselves
 AUGUST 14, 2008
 12:15 PM -- LSE's Ian Angell keynoted at BlackHat about how we're to blame for our lack of good judgment
Trusted Computing, Take Two
Why Isn't Trusted Computing Taking Off?
Free Virtual Goodies at Price of Privacy
Big Brother Isn't the Only One Watching You
Firewalled
 BY TIM THE ENCHANTER
Black Hat: A Good, Healthy Scare
 AUGUST 8, 2008
 3:45 PM -- New vulnerabilities, exploits show security problems are far from solved
Yes, Linus, There Is a Difference
Online Privacy: A Battle Worth Fighting
Free Service Lets You Track Your Laptop Anywhere
Disclosure Shouldn't Be a Leap of Faith
Survey Hacks Security Career Conundrum
Spear Phishing Attack Unleashes 1.5M Spam Messages
LA Street Gangs Add ID Theft to Turf
 MORE KEYHOLE
ENTERPRISE VULNERABILITIES
Vulnerability: Microsoft Visual Studio
Published: 2008-08-19
Severity: HIGH
Description: stack-based
buffer overflow in the
maskededit activex control
in msmask32.ocx 6.0.81.69,
and possibly other versions
before 6.0.84.18, in
microsoft visual studio 6.0
allows remote attackers to
execute arbitrary code via a
long mask parameter, as
exploited in t...
Vulnerability: Symantec Veritas Storage Foundation
Published: 2008-08-19
Severity: HIGH
Description: the
management console in the
volume manager scheduler
service (aka
vxschedservice.exe) in
symantec veritas storage
foundation for windows (sfw)
5.0, 5.0 rp1a, and 5.1
accepts null ntlmssp
authentication, which allows
remote attackers to execute
arbitrary ...
Vulnerability: speedbit download_accelerator_plus, jcomsoft anigif
Published: 2008-08-18
Severity: HIGH
Description: multiple
stack-based buffer overflows
in the animation gif activex
control in jcomsoft
anigif.ocx 1.12 and 2.47, as
used in products such as
speedbit download
accelerator plus (dap) 8.6,
allow remote attackers to
execute arbitrary code via a
long argument to t...
Vulnerability: Kayako SupportSuite
Published: 2008-08-18
Severity: HIGH
Description: sql injection
vulnerability in
staff/index.php in kayako
supportsuite 3.20.02 and
earlier allows remote
authenticated users to
execute arbitrary sql
commands via the
customfieldlinkid parameter
in a delcflink action.
Vulnerability: Kayako SupportSuite
Published: 2008-08-18
Severity: MEDIUM
Description: multiple
cross-site scripting (xss)
vulnerabilities in kayako
supportsuite 3.20.02 and
earlier allow remote
attackers to inject
arbitrary web script or html
via (1) the sessionid
parameter in a livesupport
startclientchat action to
visitor/index.php; (2) the <...
POWERFUL INFORMATION
AT YOUR FINGERTIPS
(SPONSORED LINKS)
Apple  |  Application scanning  |  Application Security  |  Attacks / Exploits / Threats  |  Authentication  |  Black Hat  |  Black Hat  |  Botnets  |  Browser security  |  Computer crime  |  Consultants  |  Cross-site scripting  |  Digital certificates  |  DOS  |  Encryption  |  End-user monitoring   |  Host Protection  |  Industry Trends   |  Law enforcement  |  Legal & Regulatory Topics  |  Legislation  |  Malware  |  Managed services  |  Market Research  |  Messaging Security  |  Microsoft  |  Penetration testing  |  Penetration testing  |  Perimeter Security  |  Phishing  |  Policy management  |  Security Administration / Management  |  Security Industry  |  Security Services  |  Social engineering  |  Source-code auditing  |  Spam  |  Storage Security  |  Stored data losses  |  Trojans  |  User privacy  |  Viruses  |  Vulnerabilities  |  Vulnerability assessment  |  Vulnerability management  |  Vulnerability Management  |  Web application firewall  |  Web services security  |  Wireless security  |  Worms
Dark Reader Weekly Newsletter
Dark Reading Daily Newsletter
 MORE INFO
Copyright © 2008 United Business Media Limited - All rights reserved.
RSS FEED  |   ARCHIVE  |   FREE NEWSLETTER  |   ORDER REPRINTS  |   TECHNOLOGY MARKETING SOLUTIONS  |   TECHWEB  |   CONTACT US  |   USER PREFERENCES  |   HELP
Companies
3Com (17), Aventail (7), CA (18), Check Point (29), Cisco (150), Enterasys (5), F-Secure (9), F5 (5), HP (18), IBM (127), Intel (6), ISS (37), Juniper (36), Alcatel-Lucent (2), McAfee (172), Microsoft (1177), NetIQ (2), Nokia (3), Nortel (6), Oracle (44), Qualys (2), RSA (64), Secure Computing (19), Sun (11), Symantec (293), Trend Micro (29), VeriSign (36)

Application and Perimeter Security
802.11x (46), Anomaly detection (77), Anti-spam (146), Application quality assurance (31), Application scanning (149), Auditing (27), AVDL (1), Buffer overflows (106), CERT (11), Consultants (239), Cross-site scripting (180), CVE (7), Database encryption (56), Digital vaults (8), DOS (206), EAP/LEAP (1), Email gateways (237), Encryption (133), Filtering (54), Firewalls (319), FIRST (1), HIPAA (109), Host-based IDS (45), Host/server configuration (16), Host/server encryption (9), IDS (15), IDS (172), IM (82), IPS (274), ISO 17799 (8), Key management (70), Least-privilege user (54), License management (32), Malware (1384), NAC (290), Network IDS (34), NIST (18), OWASP (14), OWASP (11), Patch management (321), PCI (215), Penetration testing (237), Phishing (684), PKI (49), Rootkits (107), SAML (2), Software metering (4), Source-code auditing (86), SOX (93), SSL (186), Systems integrators (8), VPNs (257), Vulnerability assessment (827), Web App Security Consortium (8), Web App Security Consortium (18), Web application firewall (95), Web services security (635), WLANs (348), Worms (282), WPA (17), XML (27)

Desktop Security
Anti-spam (146), Antivirus (380), Application Security (1114), Attacks / Exploits / Threats (2934), Authentication (974), Browser security (743), Digital certificates (74), Digital signatures (51), Disk encryption (61), DRM (57), Encryption (634), File/folder encryption (39), Identity management (385), IM (82), Malware (1384), Messaging Security (517), PGP (5), Phishing (684), Rootkits (107), S/MIME (2), Security Administration / Management (1756), Social engineering (371), Spam (737), Spyware (272), Tokens (73), Trojans (369), User privacy (1579), Viruses (390), VOIP security (129), Vulnerabilities (3203), Vulnerability Management (422), Worms (282)

Discovery and management
Anomaly detection (77), Application scanning (149), AVDL (1), Black Hat (142), COBIT (8), Consultants (239), Content filtering (182), CVE (7), End-user monitoring (282), Filtering (54), FISMA (20), HIPAA (109), Host intrusion prevention (106), Host-based IDS (45), IDS (172), IDS (15), IPS (274), ISACA (1), ISO 17799 (8), Log aggregation (58), Network IDS (34), OWASP (14), OWASP (11), PCI (215), Penetration testing (237), Penetration testing (215), SAML (2), SIM/SEM (211), Source-code auditing (86), SOX (93), Vulnerability assessment (827), Vulnerability management (874), Web App Security Consortium (8)

Host security
802.11x (46), Application quality assurance (31), Authentication (974), Backup security (68), Biometrics (164), Buffer overflows (106), Digital certificates (74), Disk encryption (61), Encryption (634), End-user monitoring (282), HIPAA (109), Host anti-spam (80), Host anti-spyware (106), Host antivirus (115), Host intrusion prevention (106), Host Protection (517), Host-based IDS (45), Host/server configuration (16), Host/server encryption (9), Host/server patching (10), IDS (15), IEEE (4), ISO 17799 (8), Least-privilege user (54), License management (32), NAC (290), P2P management (33), Patch management (321), PGP (15), Port control (12), Single sign-on (70), Smart cards (83), Software metering (4), SOX (93), Systems integrators (8), TCG (20), Tokens (73), User privacy (1579), Vulnerability Management (422), WPA (17)

Security services
Agency application (2), Application quality assurance (31), Application scanning (149), AVDL (1), COBIT (8), Consultants (239), FISMA (20), HIPAA (109), ISO 17799 (8), Managed services (306), PCI (215), Penetration testing (215), PKI (49), Policy management (483), SIM/SEM (211), Source-code auditing (86), SOX (93), Systems integrators (8)

Storage Security
AES (12), Backup security (68), COBIT (8), Database encryption (56), DES (3), Digital vaults (8), Disk encryption (61), Encryption (133), File/folder encryption (39), FIPS-140-2 (1), FISMA (20), Hashing algorithms (17), HIPAA (109), Host/server encryption (9), Identity management (118), ISO 17799 (8), Key management (70), Law enforcement (1083), Legislation (342), Offsite backup (26), PCI (215), PKI (49), SOX (93), Stored data losses (335), Systems integrators (8), Triple DES (3), User privacy (1579)

Wireless Security
802.11x (46), AES (12), Auditing (27), COBIT (8), Credential service provider (13), DES (3), Digital certificates (74), Digital signatures (51), DOS (206), EAP/LEAP (1), FISMA (20), Hashing algorithms (17), HIPAA (109), Host/server encryption (9), IEEE (4), IETF (10), ISO 17799 (8), Key management (70), NAC (290), Network IDS (34), PCI (215), Penetration testing (215), PKI (49), Port control (12), Tokens (73), Triple DES (3), VPNs (257), Vulnerability assessment (827), WLANs (348), WPA (17)