-
Wireshark updates close security holes
The Wireshark development team hasannounced the release of versions 1.2.17 and1.4.7 of its open source, cross-platform network protocol analyser.
According to the developers, these maintenance and security updates address multiple vulnerabilities that could, for example, cause the application to crash “by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file”. These include issues related to a large/infinite loop in the DICOM dissector in Wireshark 1.4.x, and, in the 1.2.x branch, bugs in the X.509if dissector. A number of bugs in some of the 1.4.x dissectors have also been fixed. All users are advised to update to the latest versions.
-
Security threats Toolkit
How security will look in 10 years
1. Ubiquitous cloud computing.
2. ID and access management.
3. Public sector moves online.
4. The internet of things.
5. Mesh networks.
6. Mobile botnets.
7. Super-fast broadband.
8. DNSSEC.
9. IPv6.
10. Cyber warfare and industrial espionage.
-
Unusual disk latency:
The other day I met a friend and between some interesting conversations showed me this video, enjoy :P
-
Untangle 7.1
-
Protect your Network
Untangle protects you from malicious incoming Internet threats such as viruses, spyware, hackers, identity thieves and more.
-
Monitor Apps & Network
Monitor online behavior at the user, client and incident level. You can see what web sites are being visited, by whom, on what system.
-
Control your Network
Restrict access to inappropriate sites, manage when certain sites can be accessed, and control undesireable Internet activity, like web shopping during work hours.
-
-
Lynis 1.2.9
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.
What is Lynis NOT:
- Not a hardening tool: Lynis does not fix things automatically, it reports only (and makes suggestions).
Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.
-
Wireshark 1.2.5
Wireshark 1.2.5 (stable) has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code is now available. This release fixes several security-related vulnerabilities. See the advisory for details.
-
Multiple Cisco WebEx WRF Player Vulnerabilities
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user.
The Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The WRF Player can be automatically installed when the user accesses a WRF file that is hosted on a WebEx server. The WRF Player can also be manually installed for offline playback after downloading the application from www.webex.com.
If the WRF Player was automatically installed, the WebEx WRF Player will be automatically upgraded to the latest, non-vulnerable version when users access a WRF file hosted on a WebEx server. If the WebEx WRF Player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.shtml.
-
US drones hacked by Iraqi insurgents
• $26 (£16) software let militants view potential targets
• American official says flaw was identified and fixed
nsurgents in Iraq used software such as Skygrabber to hack into American drones. Photograph: Ethan Miller/Getty
One of America’s most sophisticated weapons in the conflicts in Iraq, Afghanistan and Pakistan, the unmanned drone, has been successfully penetrated by insurgents using software available on the internet for $26 (£16).
Insurgents in Iraq intercepted live video feeds from the drones being relayed back to a US controller and revealing potential targets. A US official said the flaw was identified and fixed in the past 12 months.
The problem only came to light after the US found many hours’ worth of videotaped recordings on militant laptops late last year and earlier this year.
The insurgents used software programmes such as Skygrabber, developed by a Russian company and originally intended to download music and videos from the internet.
-
Android Forensics
The Android mobile platform has generated wide support in the cell phone and mobile device market and is growing each day. However, there is very little research and even fewer experts in this emerging technology. viaForensics has performed extensive research and development and will soon release a book on Android Forensics. Download our Android Forensics Presentation presented at Mobile Forensics World 2009 for more information.
