348 posts tagged Security Advisories
-
Zero-day code execution exploit in IE7 and 8 beta
http://smokeys.wordpress.com/ 2008/ 05/ 16/ zero-day-code-execution-exploit-in-i…
0-day Internet Explorer “Print Table of Links” Cross-Zone Scripting Vulnerability. By Aviv Raff. Summary: Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its “Print Table of Links” feature.
-
S-294: libvorbis Security Update
http://www.unix.com/ security-advisories-rss/ 65351-s-294-libvorbis-security-upd…
Several flaws were reported in the way libvorbis processed audio data. The risk is MEDIUM. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened.
-
Time to get a new set of keys
http://www.mckeay.net/ 2008/ 05/ 15/ time-to-get-a-new-set-of-keys/
If you’re using Debian or Ubuntu, it looks like you need to generate a new set of keys immediately, if not sooner! The SSH keys on those systems used the PID of the process as a seed for generating the old keys, which severely limits the randomness of the keys and has made it possible for a rainbow table of all possible keys to be generated.
-
Ubuntu: OpenVPN regression
http://www.unix.com/ security-advisories-rss/ 65310-ubuntu-openvpn-regression.ht…
LinuxSecurity.com: USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates.
-
CCT - Cookie Crap Terminator for Microsoft Windows™ XP and Vista
http://smokeys.wordpress.com/ 2008/ 05/ 15/ cct-cookie-crap-terminator-for-micro…
Many people don’t realize that Google, Gmail, Yahoo, Yahoo Mail and Hotmail cookies can abuse their right to privacy. At the same time, webmail cookies are a security risk too; they are, e.g., vulnerable to cross-site scripting (XSS) attacks.
-
xsschecker.py.txt
http://newexploits.com/ exploit/ xsscheckerpytxt/
May 15th, 2008. Cross site scripting fuzzing utility written in Python.
-
sqlfuzzer.py.txt
http://newexploits.com/ exploit/ sqlfuzzerpytxt/
May 15th, 2008. SQL Injector version 1.0 is a fuzzing utility written in Python.
-
Microcast: Ron Gula on Nessus license changes
http://www.mckeay.net/ 2008/ 05/ 14/ microcast-ron-gula-on-nessus-license-change…
Rich and I got a chance to talk to Ron Gula, CEO of Tenable Network Security, about the changes that were made today in the Nessus licensing model. This is a follow-up to the post I wrote this morning and explains the reasoning behind the changes straight from the man in charge.
-
USN-612-6: OpenVPN regression
http://www.unix.com/ security-advisories-rss/ 65210-usn-612-6-openvpn-regression…
Description: Ubuntu Security Notice USN-612-6, May 14, 2008. openvpn regression. https://launchpad.net/bugs/230193 https://launchpad.net/bugs/230208 http://www.ubuntu.com/usn/usn-612-3 A
-
Changes to the Nessus license
http://www.mckeay.net/ 2008/ 05/ 14/ changes-to-the-nessus-license/
Last time Nessus changed their licensing model, there was a big uproar. Many people, including me, thought it was a huge error on their part and that it’d drive folks away from using Nessus. Luckily we were wrong; Nessus and Tenable are still around and still the most popular scanning solution available.