|
Everything related to Computer Security - Security Audits, Security Vulnerabilities, Intrusion Detection, Incident Handling, Forensics and Investigation, Information Security Policies, and a whole lot more.
Wednesday, February 29, 2012
Time to upgrade?
Mozilla's 'modest proposal:' Dump the smartphone OS
How to protect your online privacy | iPad 3 concept video: How Apple could really blow us away | ||||||||||
Network World Daily News PM | ||||||||||
Mozilla's 'modest proposal:' Dump the smartphone OS RESOURCE COMPLIMENTS OF: Research In Motion Introducing BlackBerry Mobile Fusion Now all personal and corporate-owned BlackBerry® smartphone and BlackBerry® PlayBook devices can seamlessly access business data and applications on a single, secure management platform. Soon, Apple® iOS and Google® Android devices will be able to do the same. Learn how this new approach will end mobile chaos at blackberry.com/mobilefusion In this Issue
WHITE PAPER: NetIQ First Industy-Wide BSM Maturity Benchmark Study This first-of-its-kind benchmark study reporting the IT and Business maturity illustrating the business service management imperative today. The survey offers insight into the current and future state of the Business Service Management imperative across global organizations. Learn More How to protect your online privacy iPad 3 concept video: How Apple could really blow us away Windows 8 offers no management help for ARM devices WHITE PAPER: HP & Intel CI for Dummies eBook This book will help you understand why infrastructure convergence has been widely accepted as the optimal approach for simplifying and accelerating your IT to deliver services at the speed of business while also shifting significantly more IT resources from operations to innovation. Learn more Microsoft's Azure cloud suffers serious outage Alleged RSA crypto flaw hotly debated Women Take Social Privacy More Seriously Than Men Do WHITE PAPER: Tripwire Protecting Your Data in Today's Threat Landscape Today's threats to critical systems and valuable data come from more sources than evera ticked off employee who seeks revenge, or activists seeking to expose sensitive data. Learn More! BYOD: There is no stopping employees' devices on your network Riverbed teams with Akamai to boost SaaS performance Who do you blame when IT breaks? Toolset lets mobile carriers meld core services with the Web Who needs Dancing with the Stars when we've got Dancing Android Robots? | ||||||||||
SLIDESHOWS 15 worst data breaches CISCO SUBNET MOST-READ STORIES
| ||||||||||
Do You Tweet? You are currently subscribed to networkworld_daily_news_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. ** |
[SECURITY] [DSA 2422-1] file security update
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2422-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
February 29, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : file
Vulnerability : missing bounds checks
Problem type : remote
Debian-specific: no
The file type identification tool, file, and its associated library,
libmagic, do not properly process malformed files in the Composite
Document File (CDF) format, leading to crashes.
Note that after this update, file may return different detection
results for CDF files (well-formed or not). The new detections are
believed to be more accurate.
For the stable distribution (squeeze), this problem has been fixed in
version 5.04-5+squeeze1.
We recommend that you upgrade your file packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJPTpUrAAoJEL97/wQC1SS+xjIH/RKCNTX9XDy9RmKnLubx5gME
e3MOWFZHk0ZOaNAuorRmyrxygbRkLPVMNECTKenv2eE1CORYIHBvzFDZXNn0Yl+9
+NS2KkmwpigU33Tu/8NfuG/xsoLl9fS1a3iJU+yVeEC14gdr0Nw5OtLzSP5C6HUS
KcXZRXQZoHs21SrdotBm0Lx86tmoluZ1QtWmlacJcFnGwMLi3sRBwkE57UufEgCj
dd8BD79tdVWm2YlPjnnfpG8Pe+ikq4tIxDHEKHfsFudUxgeSDAZaHjBvF/2xXrxn
nEjOjbCpaQT9hUaaBzAxFh10qPiKKV4oA3ueR1RZt/T8XMbTXJAM54NYutF2b7Q=
=kRH8
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/87aa41e4x7.fsf@mid.deneb.enyo.de
[SECURITY] [DSA 2421-1] moodle security update
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2421-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 29, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : moodle
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4308 CVE-2011-4584 CVE-2011-4585 CVE-2011-4586
CVE-2011-4587 CVE-2011-4588 CVE-2012-0792 CVE-2012-0793
CVE-2012-0794 CVE-2012-0795 CVE-2012-0796
Several security issues have been fixed in Moodle, a course management
system for online learning:
CVE-2011-4308 / CVE-2012-0792
Rossiani Wijaya discovered an information leak in
mod/forum/user.php
CVE-2011-4584
MNET authentication didn't prevent a user using "Login As" from
jumping to a remove MNET SSO.
CVE-2011-4585
Darragh Enright discovered that the change password form was send in
over plain HTTP even if httpslogin was set to "true".
CVE-2011-4586
David Michael Evans and German Sanchez Gances discovered CRLF
injection/HTTP response splitting vulnerabilities in the Calendar
module.
CVE-2011-4587
Stephen Mc Guiness discovered empty passwords could be entered in
some circumstances.
CVE-2011-4588
Patrick McNeill that IP address restrictions could be bypassed in
MNET.
CVE-2012-0796
Simon Coggins discovered that additional information could be
injected into mail headers.
CVE-2012-0795
John Ehringer discovered that email adresses were insufficiently
validated.
CVE-2012-0794
Rajesh Taneja discovered that cookie encryption used a fixed key.
CVE-2012-0793
Eloy Lafuente discovered that profile images were insufficiently
protected. A new configuration option "forceloginforprofileimages"
was introduced for that.
For the stable distribution (squeeze), this problem has been fixed in
version 1.9.9.dfsg2-2.1+squeeze3.
For the unstable distribution (sid), this problem has been fixed in
version 1.9.9.dfsg2-5.
We recommend that you upgrade your moodle packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk9OiDwACgkQXm3vHE4uylo/hgCeJ3spjXWQ6u8IFGD46zvojo9q
uxwAn2rERp2dJLBEJBEE7ak0bJtONxjZ
=YNgS
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120229202234.GA30026@pisco.westfalen.local
GENBAND announces UC solutions at MWC
3 questions for Microsoft's Windows Phone chief | Cisco brings Hotspot 2.0 carrier-network smarts to its Wi-Fi | ||||||||||
Network World Convergence and VoIP | ||||||||||
GENBAND announces UC solutions at MWC WEBCAST: VMware Automating Infrastructure and Operations Management Attend this webcast to learn how the new VMware vCenter Operations Management Suite allows IT to: - Dramatically simplify services - Automate service delivery and management View Now! In this Issue RESOURCE COMPLIMENTS OF: ShoreTel ShoreTel Mobility ends the chaos of BYOD Unlike most IP phone systems, ShoreTel was actually made just for IP. So where others offer built-in complexity & cost, ShoreTel builds in ease, scalability, and the industry's lowest total cost of ownership guaranteed. See the difference. 3 questions for Microsoft's Windows Phone chief WHITE PAPER: Internap New eBook: Enterprise IP Buyer's Guide We are all aware of the impact performance can have on the bottom line. Organizations are increasingly choosing Website Performance Optimization (WPO) technologies to boost reliability, availability and their bottom line. Learn More Cisco brings Hotspot 2.0 carrier-network smarts to its Wi-Fi WHITE PAPER: APC How Data Center Management Software Improves Planning Business executives are challenging their IT staffs to convert data centers from cost centers into producers of business value. Data centers can make a significant impact to the bottom line by enabling the business to respond more quickly to market demands. Learn More The astronomy and math behind leap day | ||||||||||
SLIDESHOWS 15 worst data breaches CISCO SUBNET MOST-READ STORIES
| ||||||||||
Do You Tweet? You are currently subscribed to networkworld_convergence_voip_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. ** |
WindowsNetworking.com - Introduction to System Center Operations Manager 2012 (Part 6) - Monitors
Hi Security World,
Title: Introduction to System Center Operations Manager 2012 (Part 6) - Monitors
Author: Scott D. Lowe
Link: http://www.WindowsNetworking.com/articles_tutorials/Introduction-System-Center-Operations-Manager-2012-Part6.html
Summary: In this, part 6, you will continue to investigate the OpsMgr interface and discover how monitors work.
Visit the Subscription Management (http://www.techgenix.com/newsletter/) section to unsubscribe.
WindowsNetworking.com is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@windowsnetworking.com
Copyright © WindowsNetworking.com 2012. All rights reserved.
ISAserver.org - Publishing Microsoft SharePoint 2010 with Forefront TMG and different authentication options (Part 2)
Hi Security World,
Title: Publishing Microsoft SharePoint 2010 with Forefront TMG and different authentication options (Part 2)
Author: Marc Grote
Link: http://www.ISAserver.org/tutorials/Publishing-Microsoft-SharePoint-2010-Forefront-TMG-different-authentication-options-Part2.html
Summary: This two part article series will explain how to use Microsoft SharePoint Server 2010 and Forefront TMG different authentication options to securely publish SharePoint to the Internet.
Visit the Subscription Management (http://www.techgenix.com/newsletter/) section to unsubscribe.
ISAserver.org is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@isaserver.org
Copyright © ISAserver.org 2012. All rights reserved.
Miami Dolphins dive into cloud analytics
10 most powerful PaaS companies | Cisco takes first step in delivering on SecureX vision | ||||||||||
Network World Network/Systems Management | ||||||||||
Miami Dolphins dive into cloud analytics RESOURCE COMPLIMENTS OF: Ipswitch WhatsUp Gold WhatsUp Gold - IT Management Made Simple Wish you had a powerful, proactive monitoring and management solution to easily manage your network? WhatsUp Gold is at work on over 100,00 networks and is the most intuitive, comprehensive, and cost-effective network management solution available today. WhatsUp Gold is IT Management Made Simple. Try it free for 30 days! In this Issue
WHITE PAPER: PC Mall Networking and Cloud: An Era of Change As you deploy cloud infrastructure and operating models in your organization, the role that networking plays and the impact of these models on your networks may not always be clear. This document discusses the importance of the network to cloud computing, why the network must change, and what Cisco is doing to lead these changes. Learn More! 10 most powerful PaaS companies Cisco takes first step in delivering on SecureX vision Microsoft, Hortonworks to link Excel and Hadoop WHITE PAPER: BMC Looking Ahead: A Cloud Report from 2015 BMC CIO, Mark Settle, looks to the future and describes how he envisions cloud computing will evolve by 2015. The world of underutilized servers, security concerns, long provisioning cycles and spending 60% of the IT budget on application maintenance, data center operations, and facility expenses are history. Read More Kansas City businesses dream big with Google Fiber, despite uncertain availability What's hot at RSA 2012 Wireless network demands push carriers to innovate WEBCAST: NetIQ Disaster Recovery Planning and the Cloud Find out how virtualization is the stepping stone to the cloud and how to leverage virtualization technologies today to reduce the cost and improve the performance of your disaster recovery plan. Learn More! Quick look: Silicon Valley's wicked young CEOs IT execs must shift security approaches Using forensics to deeply understand the security impact of iOS and Android in the enterprise | ||||||||||
SLIDESHOWS 15 worst data breaches CISCO SUBNET MOST-READ STORIES
| ||||||||||
Do You Tweet? You are currently subscribed to networkworld_network_systems_management_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. ** |