I found multiple vulnerabilities in software from Schneider Electric, used to monitor industrial monitoring devices. It reveals a very poor security design. The editor was informed and I am waiting for its acknowledgement. I will disclose more details once the issues are patched.
A big change on Security Focus is going to happen. Except for the vulnerability database, most of its content and resources are going to move to Symantec. RIP.
Posted 12 March 2010
Security § Web
Nessus 4.2 is out. I tried it out and I must say that the new UI is great. I am not a big fan of Flash and I regret this choice. However, the design is excellent, all options are accessible in a logical way. Instead of spreading over the options like it used to be, [...]
A security advisory on OpenSSL has recently been published. Details are there and there. It is vulnerable to a MiTM attack where the attacker can intercept and retrieve the credential to a trusted HTTPS website, by intercepting the session cookie sent back to the client. A proof of concept of an attack against Twitter was [...]
I am using the 2.6.30 kernel sources from Kernel:linux-next and noticed that it has not yet been patched against the 'sock_sendpage()' NULL Pointer Dereference vulnerability. The threat is serious as it could allow a local user to gain root privileges. Those who compile their own 2.6.x kernel should apply this patch (from Linus, check there [...]
I will post later a few examples of network attacks. But, before that, I want to clarify what I call a network attack. I see many people confused about the use of this term, even among professional or specialized journalists. Whenever there is a hack originating from the Internet, they call it a [...]
Due to the recent security hole discovered in Debian, which has also concerned various distributions – of course including Ubuntu – for 2 years, I simply closed all my SSH and OpenVPN accesses. I have had no time so far to check all the keys on my server. I prefer to stay on the safe [...]
Since the new cold boot attack hack is in the news, touching most of the software encryption solutions, I have wondered if it had any chance to also concern hardware encryption. Hardware encryption is provided by a few laptop makers, generally on high-range and business models. It has much less performance impact than software encryption, [...]