Most Popular News Analysis

Dark Reading News Analysis: Hacking Without Exploits - 7/29/2008 4:30:00 PM
Black Hat researchers will demonstrate how the bad guys are quietly raking in big bucks without ninja hacking skills, tools, or exploit code
Dark Reading News Analysis: New Video Surveillance Technology 'Recognizes' Abnormal Activity - 7/28/2008 10:05:00 AM
BRS software can establish 'normal' on-camera activity – and alert security staff when something unusual occurs
Dark Reading News Analysis: At Countrywide, One Overlooked PC Led to Loss of 2M Records - 8/13/2008 5:46:00 PM
Insider used the one machine that hadn't been 'fixed' to prevent use of external storage devices
Dark Reading News Analysis: Researchers Raise Alarm Over New Iteration of Coreflood Botnet - 7/23/2008 6:00:00 PM
Password-stealing Trojan is spreading like a worm – and targeted directly at the enterprise
Dark Reading News Analysis: Kaminsky: DNS Vulnerability Will Affect Email, Internal Systems, Too - 8/6/2008 5:30:00 PM
If you think the now-infamous flaw is limited to browsers and the Web, think again, pioneer researcher says
Dark Reading News Analysis: Details, Exploits of Web-Wide DNS Vulnerability Revealed - 7/24/2008 5:30:00 PM
Kaminsky outlines flaw, says 'we're in serious trouble'; exploit code posted on Metasploit
Dark Reading News Analysis: Schneier, Team Hack 'Invisibility Cloak' for Files - 7/16/2008 5:35:00 PM
Researchers break 'deniable file system' steganography feature that conceals the existence of sensitive files from hackers
Dark Reading News Analysis: The Real Dirt on Whitelisting - 7/30/2008 5:50:00 PM
The choice for blacklisting versus whitelisting isn’t really black and white
Dark Reading News Analysis: MIT Presentation on Subway Hack Leaks Out - 8/12/2008 5:56:00 PM
In ironic twist, court documents that argue for suppression of Defcon presentation help distribute data about the hack
Dark Reading News Analysis: Researcher Offers Malware Analysis Tool - 7/18/2008 5:55:00 PM
Proof-of-concept tool is more difficult for hackers to detect and evade than current malware analyzers
Dark Reading News Analysis: 'PhishMe' Tool Lets Businesses Spear-Phish Themselves - 7/22/2008 11:05:00 AM
Web-based service generates self-inflicted targeted attacks to enlighten users, assess risk
Dark Reading News Analysis: Researchers: There's Gold in Them Thar Hacks - 8/8/2008 5:45:00 PM
Black Hat presentation shows some simple methods hackers have used to get rich or die trying
Dark Reading News Analysis: 'Bringing Sexy Back' to Hacking - 8/7/2008 5:30:00 PM
DefCon session will feature iPhones running WiFi scans and sophisticated spear-phishing tricks
Dark Reading News Analysis: Malicious Botnet Stole Bank, Credit Union Credentials - 8/6/2008 4:20:00 PM
New report says the 50 GB of data stolen were only one fourth of the data harvested
Dark Reading News Analysis: Feds Arrest Hackers of TJX, Other Retailers in Huge Conspiracy Bust - 8/5/2008 4:15:00 PM
Eleven perpetrators held responsible for online theft and sale of more than 40 million credit and debit cards
Dark Reading News Analysis: Freezing the Cold-Boot Attack - 8/1/2008 3:45:00 PM
Researcher reveals new technologies he built to combat attacks that crack disk encryption on machines
Dark Reading News Analysis: Three New Security Startups Launch Today - 8/4/2008 3:45:00 PM
Web Security as a Service, anti-malware firms emerge from stealth mode today despite economic uncertainties
Dark Reading News Analysis: New Tool Hacks the Psyche - 8/14/2008 5:00:00 PM
Microsoft Blue Hat summit to feature proof-of-concept for extrapolating a user’s emotional state based on his or her online postings
Dark Reading News Analysis: Beijing Braces for Olympic Cyber-War - 8/4/2008 9:10:00 AM
Can the world's most futuristic data center protect the Olympics' storage?
Dark Reading News Analysis: New Web Threats Imperil OS, Other Apps - 6/23/2008 5:48:00 PM
IBM researchers release proof of concept for new cross-environment hopping (CEH) attack methods
Dark Reading News Analysis: Report: Vulnerabilities Abound in Open-Source Environments - 7/21/2008 6:00:00 PM
Enterprises should take care in adopting open-source technology, Fortify study says
Dark Reading News Analysis: What to Do After a Breach - 8/11/2008 5:15:00 PM
Former FTC official gives Defcon attendees the lowdown on breach response and working with law enforcement
Dark Reading News Analysis: Feds: Foreign Attackers 'Knocking on Our Door Every Day' - 8/7/2008 4:30:00 PM
Attacks on US government systems are frequent and serious, top officials say
Dark Reading News Analysis: Microsoft Revamps Patch Tuesday Warning Process - 8/5/2008 11:30:00 AM
Software giant will share vulnerability data early with third parties, create 'Exploitability Index' for newly found flaws
Dark Reading News Analysis: AV Still Weak on Rootkit Detection, Fixing Infections - 3/12/2008 5:20:00 PM
New AV-Test.org results reveal some nagging problems with antivirus products
Survey Hacks Security Career Conundrum
Spear Phishing Attack Unleashes 1.5M Spam Messages
LA Street Gangs Add ID Theft to Turf
ENTERPRISE VULNERABILITIES
Vulnerability: Microsoft Visual Studio
Published: 2008-08-19
Severity: HIGH
Description: Stack-based buffer overflow in the maskededit ActiveX control in msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0 allows remote attackers to execute arbitrary code via a long mask parameter, as exploited in t...

Vulnerability: Symantec Veritas Storage Foundation
Published: 2008-08-19
Severity: HIGH
Description: The management console in the volume manager scheduler service (aka vxschedservice.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts null NTLMSSP authentication, which allows remote attackers to execute arbitrary ...

Vulnerability: speedbit download_accelerator_plus, jcomsoft anigif
Published: 2008-08-18
Severity: HIGH
Description: Multiple stack-based buffer overflows in the animation GIF ActiveX control in jcomsoft anigif.ocx 1.12 and 2.47, as used in products such as speedbit download accelerator plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to t...

Vulnerability: Kayako SupportSuite
Published: 2008-08-18
Severity: HIGH
Description: SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.

Vulnerability: Kayako SupportSuite
Published: 2008-08-18
Severity: MEDIUM
Description: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the <...

Copyright © 2008 United Business Media Limited - All rights reserved.