Cisco’s VOIP Vulnerability
Cisco systems annouced a particularly serious vulnerability that would allow attackers to cripple internal telephone networks.
Continue Reading Add comment July 22nd, 2005
Archive for July 22nd, 2005
Phlooding?!?!?!
According to AirMagnet, Phlooding is defined as “group of simultaneous but geographically distributed attacks that targets a business’s authentication or network log-in structure, with the goal of overloading its central authentication server.”
Continue Reading Add comment July 22nd, 2005
IIS 6.0 Best Practice - A Joke?
At least Microsoft is making an attempt to informa systems admins of security best practices for IIS 6.0. Most of them are common sense and seem to belittle a system administrator, there are a few nuggets in there…however.
Continue Reading Add comment July 22nd, 2005
Slut Box
“Slut-box is a network-accessible box for everyone to compromise. It offers a (barely) real-life server in a (barely) believable configuration - whatever can be set up in a few of hours. The OS and the configuration change from time to time, so it might be worth to visit slut-box more than once.”
Continue Reading Add comment July 22nd, 2005
Apache Security Resource
For those of you running Apache web servers, Apache publishes a list of best practices for all those who want to lock down there server. You can find these tips at http://httpd.apache.org/docs/1.3/misc/security_tips.html
Add comment July 22nd, 2005
PHP TopSites Setup.PHP Authentication Bypass Vulnerabili
PHP TopSites is prone to an authentication bypass vulnerbility. An attacker may bypass authentication and gain access to the vulnerable application.
Continue Reading Add comment July 22nd, 2005
Introduction to the CISSP
The CISSP Certification has become the industry standard security certification. It is the premier certification designed to illustrate and strengthen a security professionals competency and confirm his or her advanced security knowledge.
Continue Reading Add comment July 22nd, 2005
Microsoft to Pay Bounty to Sasser Informats
As Sven Jaschan, the nineteen year old convicted of writing the sasser worm, has to spend thirty hours serving the community as punishment for his crimes, those who informed law enforcement are basking in their newly found riches.
Continue Reading 1 comment July 22nd, 2005
Cross Site Scripting and Apple.com
Apple.com was recently discovered to have three serious Cross Site Scripting (XSS) vulnerabilities by an independent security researcher. These vulnerabilities affected a large portion of the Apple website, including its online store and other sensitive areas.
Continue Reading Add comment July 22nd, 2005
Oracle Doesn’t Take Security Seriously
Last week Oracle released a massive collection of patches to fix fifty security holes found throughout its software. However, a security team claims that Oracle is still lax on its security as it was informed about many of these vulnerabilities years ago.
Continue Reading Add comment July 22nd, 2005