Top 10 Programming Skills That Will Get You Hired | Carnegie Mellon develops wee QWERTY texting technology for impossibly tiny devices | ||||||||||
Network World After Dark | ||||||||||
Improv group comes to rescue of texting pedestrians with Seeing-eye People WHITE PAPER: HP and Intel® Xeon® processors Top 10 Benefits of Virtualization In this eGuide, Network World sister publications InfoWorld, and PC World examine some of the current uses of blade servers in today's data center, as well as how trends such as server virtualization are reshaping enterprise computing. Read Now! In this Issue
WEBCAST: Meru Networks Advanced WLAN Architectures for BYOD and Beyond Join industry - expert Craig Mathias and Robert Crisp from Meru Networks as they discuss today's key IT challenges View Now Top 10 Programming Skills That Will Get You Hired Carnegie Mellon develops wee QWERTY texting technology for impossibly tiny devices White House program targets IT jobs for service members HP refreshes data center core and aggregation with SDN switches Universities Closing Big Data Talent Gap But Need Real Data Microsoft links Skype voice, video calling to Outlook.com Apache servers ambushed by sophisticated backdoor attacks 11 Profiles in Bad Leadership Behavior CIO Takes the Less-Traveled Path to IT Career Success Twitter's 'Who to follow' feature sometimes gets lost Interop: The quiz | ||||||||||
SLIDESHOWS Median pay for tech CEOs in 2012 was $10.7 million, according to Network World's analysis of CEO compensation in the tech industry. JOIN THE NETWORK WORLD COMMUNITIES As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity). MOST-READ STORIES 1. IBM launches an appliance for the 'Internet of Things' 2. FAQ: Phishing tactics and how attackers get away with it 3. Brocade unleashes a data center barrage 10. 10 years of the iTunes Store 6. iPhone 6 rumor rollup for the week ending April 26 5. 25 must-have technologies for SMBs 4. iPhoneys 6: The iPhone 6 and iPhone 5S edition 7. Windows 8 update: Transition from Android to Windows Phone made easier 8. How big is cloud's impact? Depends on who's asking
| ||||||||||
Do You Tweet? You are currently subscribed to networkworld_after_dark_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2013 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. ** |
Everything related to Computer Security - Security Audits, Security Vulnerabilities, Intrusion Detection, Incident Handling, Forensics and Investigation, Information Security Policies, and a whole lot more.
Tuesday, April 30, 2013
Improv group comes to rescue of texting pedestrians with Seeing-eye People
Need your voice at the immigration visit in New York this Thursday
Joe -- This Thursday during the congressional recess, OFA supporters in New York are getting together to visit your representative's local office. We're sending one important message: We support passing comprehensive immigration reform now. It's an opportunity to show the lawmakers who are on our side that we have their backs in this fight -- and let everyone who plans to stand in the way of reform know that we will hold them accountable. Can you join in? RSVP to be a part of the office visits this Thursday and voice your support for reform: What: Visit your representative's office in New York Where: 780 3rd Ave #2301 New York, NY 10017 When: Thursday, May 2nd 12:00 pm Two weeks ago, a bipartisan group of eight senators introduced groundbreaking legislation that gets us one step closer to passing comprehensive immigration reform. We hear they'll be debating the issue in the Senate soon, and it'll be a big part of Congress' agenda over the next several weeks. That's why lawmakers need to hear from their constituents while they're home over the recess. Make your voice heard -- RSVP today to visit your local representative's office in New York on Thursday: http://my.barackobama.com/Immigration-Reform-May-2nd Thanks, Emmy Emmy Ruiz Immigration Campaign Manager Organizing for Action ---------------- A movement of millions elected President Obama. Let's keep fighting for change. Chip in $5 or more to support Organizing for Action today. | |
| |
Contributions or gifts to Organizing for Action are not tax deductible. | |
This email was sent to: securityworld@gmail.com. |
firewall-wizards Digest, Vol 64, Issue 17
firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. OpenBSD IPSEC VPN question (David Lang)
2. Re: Linked-in and its Phishing-like contacts option!
(lordchariot@embarqmail.com)
3. Re: firewall-wizards Digest, Vol 64, Issue 3 phishing (David Lang)
4. Re: Proxy advantage (David Lang)
5. Re: Linked-in and its Phishing-like contacts option! (David Lang)
----------------------------------------------------------------------
Message: 1
Date: Mon, 29 Apr 2013 04:39:04 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: [fw-wiz] OpenBSD IPSEC VPN question
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.02.1304290435120.18827@nftneq.ynat.uz>
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
I'm seeing some odd reports on the rsyslog mailing list where someone is climing
that when using an IPSEC VPN on OpenBSD they have to explicitly set the source
IP address for all connections out from the firewall (tunnel endpoint) or else
the connection won't go through the tunnel. The person reporting this is
proposing modifications to rsyslog to have it force the local IP address for
outbound connections as a work-around for this problem
This sounds very wrong to me, but can anyone speak up who knows this OS?
It seems to me that a VPN that requires all applications to be modified to set
the outbound source IP before the VPN will be used is a very broken VPN. This
does not mesh well with the reputation that OpenBSD has.
David Lang
------------------------------
Message: 2
Date: Tue, 30 Apr 2013 12:20:39 -0400
From: <lordchariot@embarqmail.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <001401ce45be$a7e9c020$f7bd4060$@embarqmail.com>
Content-Type: text/plain; charset="UTF-8"
> I'm honestly not sure how we could block this stuff in a web-proxy, or be
> alerted by an IDS rule short of just blocking the sites.
> (Maybe this will start more discussion. How would one try this?)
I have a lot of requests from customers to try to make the web read-only. The main use cases are for social network, blogs/wikis, and commenting on posts. The fundamental ways to do this are to 1) have MITM SSL decryption, and 2) block the POST method for specific sites. Most commercial proxies can do this and even squid does SSL MITM.
By blocking POST to certain categories of sites and only allowing the POST for the */logon pages, users can view all the facebook/twitter/youtube they want, but can't write anything outbound to the site. It's pretty effective.
e?
_____________________________________
From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Bruce Platt
Sent: Friday, April 26, 2013 7:41 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
I have a love/hate relationship with these as well. I was only tempted down this perfidious path a few years ago when a set of my Grandchildren asked me to get a Facebook account so we could interact that way as they live on the other coast from me. I started disliking it within five minutes when a former employer sent me a request to "friend" him. Then it became an issue of who can I not be "friends" with among my contemporaries.
Same with Linked-In, same with Twitter.
Up to this point I'm just addressing the personal inconvenience aspect of it, which is why I chose Crispan's post to which to reply.
But, the larger issue is really the risk of exposing all sorts of personal / corporate information in a variety of unwitting ways. This is the part I hate. We've had many discussions about the risks of allowing people to use social media web sites from work. It's a losing battle. Entering one's email password is just one, and Linked-In is not the only villain. I just made some flight reservations yesterday. The airline website offered to add the reservation to my Calendar. Not let me download a .cal file, but to directly insert it into my calendar. Uh, no. Not today.
But, this now get's added to our list of worst practices and meet's Paul's criteria of being part of overall operational security. I'm honestly not sure how we could block this stuff in a web-proxy, or be alerted by an IDS rule short of just blocking the sites. (Maybe this will start more discussion. How would one try this?)
Mix these with BYOD, and it makes a daunting task indeed.
Cheers
--
+------------------------------------+
Bruce B. Platt, Ph.D.
V.P. Research
ei3 Corporation
136 Summit Avenue
Montvale, NJ 07645
Phone: +1-201-802-9080 ext. 404
Facsimile: +1-201-802-9099
On Fri, Apr 26, 2013 at 12:53 AM, Crispin Cowan <crispin@crispincowan.com> wrote:
I boycott all social media. I?m not opposed to social networking, but I am opposed to some dot.com monetizing my relationships; I do all my social networking via open protocols like e-mail, and having a beer with a friend ?
I broke this rule once, joining LinkedIn 5 years ago, because I needed a job. LinkedIn was a total failure at getting a job, but attending ToorCon and having a beer with someone I met there worked. I deleted my LinkedIn account when I got tired of the ?Foo wants to connect with you? spam. I?m still getting LinkedIn spam.
Screw social networking web sites. I don?t have a FaceBook page or a Twitter account, and never will.
Funny, I never envisioned myself as Clint Eastwood yelling at kids to get off my lawn, but here I am ?
Sent from Windows Mail
From: Gautier . Rich
Sent: ?Thursday?, ?April? ?25?, ?2013 ?9?:?28? ?PM
To: Firewall Wizards Security Mailing List
Thoughts? I?m wondering why User Operational Security falls under the realm of Firewall Wizards.. Other than that, I?d say ? They?re not alone by any stretch of the imagination, and plenty of users seem to be perfectly willing to accept the risk (or be unaware of it). However, not much you can do on the firewall side other than turning off webmail access...
Richard Gautier, CISSP
Enterprise Architect, Federal Group
650 Massachusetts Avenue NW
Suite 510
Washington, DC 20001
Office: (571) 226-8828 | Cell: (703) 231-2156
rgautier@drc.com | www.drc.com
From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Mathew Want
Sent: Monday, April 22, 2013 7:30 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Linked-in and its Phishing-like contacts option!
Hiya all.
Has anyone else noticed the option to see who else they know is connected on Linked-in? Have you noticed that if you click on the outlook button it asks you for your WORK EMAIL PASSWORD!!!!!
Bloody hell! It's not like the job of getting users to not submit this information to other sites isn't already hard enough without this!!! The "can't put brains in pumpkins " department must be having a field day over this.
Am I the only one that think this is a touch negligent on the part of Linked-in? Or should I just accept that it is corporate facebook, accepts that they have the dame moral fibre and move on?
Maybe I am expecting too much? Thoughts?
--
Regards,
M@
--
"Some things are eternal by nature,
others by consequence"
________________________________________
This electronic message transmission and any attachments that accompany it contain information from DRC? (Dynamics Research Corporation) or its subsidiaries, or the intended recipient, which is privileged, proprietary, business confidential, or otherwise protected from disclosure and is the exclusive property of DRC and/or the intended recipient. The information in this email is solely intended for the use of the individual or entity that is the intended recipient. If you are not the intended recipient, any use, dissemination, distribution, retention, or copying of this communication, attachments, or substance is prohibited. If you have received this electronic transmission in error, please immediately reply to the author via email that you received the message by mistake and also promptly and permanently delete this message and all copies of this email and any attachments. We thank you for your assistance and apologize for any inconvenience.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
------------------------------
Message: 3
Date: Mon, 29 Apr 2013 08:15:02 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: Re: [fw-wiz] firewall-wizards Digest, Vol 64, Issue 3
phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Cc: Marcus Ranum <mjr@ranum.com>
Message-ID: <alpine.DEB.2.02.1304290812320.28665@nftneq.ynat.uz>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Mon, 15 Apr 2013, Dave Piscitello wrote:
> Cloud is simply the current incarnation of server (LAN/farm, data
> center, virtualization...). I really don't see that the security
> issues have changed all that much (evolved maybe), or approaches to
> solving them.
Except with the "Cloud" you as an organization give up a lot of the tools that
have been used in the past to secure things.
Plus, you have the DevOps approach being misinterpreted by management to mean
"engineers can do everything, they can bypass those annoying ops and security
folks to get things done"
It's going to be an interesting few years as everyone learns that you still need
admins and security folks in the cloud.
David Lang
------------------------------
Message: 4
Date: Mon, 29 Apr 2013 08:25:09 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: Re: [fw-wiz] Proxy advantage
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.02.1304290819430.28665@nftneq.ynat.uz>
Content-Type: text/plain; charset="iso-8859-15"; Format="flowed"
If you start with the premise that the only thing that's a firewall is a packet
filter, especially with deep packet inspection being optionsl, then you are
going to be in rather bad shape.
I have run a fairly large organization with proxy firewalls (800+ people, 100+
separate networks), it can be done. In some areas it bypasses whole classes of
problems.
Even for user desktops you can do it, but you need to get a good proxy, not just
install squid and think that you've gained a lot.
Yes, it breaks some things, but rather than there being 10% 'good' apps, it's
more like 1% completely broken apps, and 20% apps that need special
configuration (the vast majority of this 20% are not desktop apps, and if you
are willing to look at other tools rather than sticking with fighting to make a
tool work that's not proxy friendly, it's usually not a big problem)
Remember that you will need to do SSL MITM with your proxy, so you will need to
deploy your own CA certs on desktops.
David Lang
On Tue, 16 Apr 2013, Magos?nyi ?rp?d wrote:
> On 04/15/2013 11:13 PM, Paul D. Robertson wrote:
>> I've always railed against DNS tunneling. It seems to be rearing its ugly head again. Today with all the in-band HTTP attacks, it once again seems the major advantage of a proxy server is not having to pass DNS down to the client. Should this be a best practice?
>
> It seems like a good idea, which is easy to execute. I see you ending up
> with either hundreds of angry end-users who were using non-http
> applications, or carefully migrating thousands of them one-by-one to a
> new AD domain which does not know about your real DNS servers. And after
> two months busily analysing http proxy logs to figure out how much of
> your users were connected to the C&C.
> Okay, I am exaggerating, and I do think that the idea is worth a
> thought. Just wanted to point out that
> 1) there are exceptions, and this is without exception
> you will still have to provide internet dns to them, and have the
> measures against dns tunneling.
> And yes, it is much easier if you know that > 10 lookup/min is either
> your http proxy, or a reverse proxy.
> 2) you will still be hit by http reverse proxies
> And yes, you can at least have the opportunity to control them from a
> central point, as before.
>
> On a general level:
>
> The best practice would be to proxy everything, and let in only the
> traffic which adheres to the respective standards, the firewall
> understands and finds harmless.
> Let's see how it works out in real world:
> 1. Adheres to standards
> Maybe 10% of the current traffic? Proprietary protocols and protocol
> extensions, misimplementations, horrific web pages, etc.
> 2. The firewall understands it
> Your average packet filter is ignorant to nearly anything which is
> not needed for pushing the traffic through the device.
> Your average proxy firewall, which knows a bit more about the basic
> protocols, so it can stop some attacks on that level.
> And there are the toolkit firewalls (I know only Zorp as an instance
> of this kind), which know all the ins and outs of the basic protocols,
> can do anything with them, and relatively easy to teach them higher
> level ones. But they need a lot of tuning to get to the level which
> really gives better protection than an average firewall.
> There are high-level gateways (like the xml proxies) which may
> understand things even on layer 7, but know only very few protocols, and
> in most cases only a subset of them.
> And there are the ESBs, which can do anything with the cost of
> configuration complexity - nearly like a toolkit firewall, but maybe for
> less protocols - , but have a distinct use case, which is not about
> security.
> 3. the firewall finds it harmless
> If adheres to standards and we understood it, then we alredy know
> whether it is harmless. With protocols and passive contents it is easy,
> and we can proof that we understood the content by disassembling and
> reassembling it (this is what Zorp and ESBs do).
> But active content (from software updates through pdf/word documents
> to javascript) is another thing. We either trust them based on the
> provider of content, deny them, try to get some assurance, or use some
> kind of sandbox (from the one built in to the web browser/java vm to
> malware isolation products). They are either unacceptable from the
> business perspective (deny), inherently insecure (most of the malware
> detection stuff violates the "default deny" principle), have extensive
> operational burden (maintaining trust related database/ensuring leakless
> sandboxen), or all of the above.
>
> Once upon a time we optimistically assumed that if enough operators deny
> non-adhering, potentially harmful content, providers of such content
> will adhere to safe standards. It turned out to be a dream.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
------------------------------
Message: 5
Date: Mon, 29 Apr 2013 08:29:27 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.02.1304290828210.28665@nftneq.ynat.uz>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
On Fri, 26 Apr 2013, Gautier . Rich wrote:
> Yes, that's what I meant...turn off Webmail access entirely - I was mostly
> kidding - but if it's something that you can afford to do [users all have
> working VPNs, e.g.] - it would reduce a great deal of risk. ;)
when you say turn off webmail, do you mean to cut off access to public webmail
servers from inside your network? or do you man to not run things like OWA that
expose your company mail to the Internet?
David Lang
> Oh, and can that guy who gave the "God, whatever you do, don't fire your
> network geek" speech please come and give a motivational speech here?
>
> Richard Gautier, CISSP
> Enterprise Architect, Federal Group
>
> 650 Massachusetts Avenue NW
> Suite 510
> Washington, DC 20001
> Office: (571) 226-8828 | Cell: (703) 231-2156
> rgautier@drc.com | www.drc.com
>
>
> -----Original Message-----
> From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Jim Seymour
> Sent: Friday, April 26, 2013 11:39 AM
> To: firewall-wizards@listserv.icsalabs.com
> Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
>
> On Wed, 24 Apr 2013 19:26:01 +0000
> "Gautier . Rich" <RGautier@drc.com> wrote:
>
>> Thoughts? I'm wondering why User Operational Security falls under the
>> realm of Firewall Wizards..
>
> I think of it this way: Firewall security, in and of itself, doesn't get the job done. You may have the most bullet-proof border the world has ever seen, but, unless that bullet-proof-ness means essentially blocking everything, both incoming and outgoing, it will not be enough. A layered defense is mandatory. One of those layers is end-user operational security.
>
> Our goal is to protect the organizational jewels, no?
>
> Besides: We've pretty-much beaten stateful/deep-packet inspection vs.
> application proxy to death, no? :)
>
>> ... plenty of users seem to
>> be perfectly willing to accept the risk (or be unaware of it).
>
> Both, IME.
>
>> However, not much you can do on the firewall side other than turning
>> off webmail access...
>
> Turning off webmail access? How would one accomplish that, exactly, without essentially turning off web access entirely?
>
> As for LinkedIn: I've received so many LinkedIn emails reported as spam at work that they've occasionally been there. I may have them listed on my mailserver at home, for the same reason. (Possibly so. Can't say as I've seen LinkedIn spam for a while.)
>
> This nonsense of them asking for "work email password" is grounds, in _my_ view, to block them entirely. That's intolerable. I'm going to see if I can do that.
>
> But I'm old school. I don't believe convenience, golly-gee-whiz-bang, and _especially_ "social networking" ought to trump security. Generally my bosses tend to agree. (Esp. ever since a couple of the Big Guys attended some-or-another network security briefing, which incl. a retired FBI agent, and were told that "whatever your network security is, it's probably not good enough" and "for God's sake, whatever you do, do not lose your network geek" ;).)
>
> Regards,
> Jim
> --
> Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
> ________________________________
>
> This electronic message transmission and any attachments that accompany it contain information from DRC? (Dynamics Research Corporation) or its subsidiaries, or the intended recipient, which is privileged, proprietary, business confidential, or otherwise protected from disclosure and is the exclusive property of DRC and/or the intended recipient. The information in this email is solely intended for the use of the individual or entity that is the intended recipient. If you are not the intended recipient, any use, dissemination, distribution, retention, or copying of this communication, attachments, or substance is prohibited. If you have received this electronic transmission in error, please immediately reply to the author via email that you received the message by mistake and also promptly and permanently delete this message and all copies of this email and any attachments. We thank you for your assistance and apologize for any inconvenience.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 64, Issue 17
************************************************
Special Invitation: Consumerization of IT in the Enterprise Conference
You're invited to join us for the Consumerization of IT in the Enterprise (CITE) Conference & Expo, June 2-4th in San Francisco, California! CITE Conference & Expo is the leading event focused on the emerging issues, demands and opportunities surrounding the infusion of consumer technologies into today's workplace.
Register now and save $300 off conference registration (regularly $995) at: http://www.citeconference.com/specialprice
CITE 2013
June 2-4th
Marriott Marquis
San Francisco, California
From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
Industry leaders selected to speak at CITE 2013, include:
-Judy Batenburg, VP, IT Infrastructure & Operations, Starz Entertainment
-Lawrence Coburn, Co-Founder & CEO, DoubleDutch
-Steve Damadeo, IT Operations Manager, Festo Corporation
-Nathan McBride, Vice President, IT & Chief Cloud Architect, AMAG Pharmaceuticals
-Brian Katz, Director, Mobility Engineering, Global Infrastructure Services, Sanofi
-Tony Lalli, Vice President, Technology Consultant, Bank of New York Mellon
-Tom Petrocelli, Senior Analyst, Social Enterprise, Enterprise Strategy Group (ESG)
-Brandon Porco, Chief Technologist & Solutions Architect, Northrop Grumman
-Ted Shelton, Managing Director, Social Enterprise Strategy, PricewaterhouseCoopers LLP (PwC)
View the agenda at: http://www.citeconference.com/2013Agenda
Register now at: http://www.citeconference.com/specialprice
To learn more about CITE, go to www.citeconference.com
The CITE team will lead a series of Twitter chats focused on key topics of interest to the audience. The chats will be held on Fridays at 1 pm ET beginning May 3, with topics as follows:
May 3: Mobile devices
May 10: Mobile apps
May 17: The User Experience
May 24: Consumerization and the Changing Face of IT
To join or listen to a CITEchat, please follow @CITEconference on Twitter and the hashtag #CITEchat.
Learn about the latest Consumerization of IT news, analysis, product reviews, and trends at: http://www.citeworld.com/
CITE 2013 Sponsors:
Game Changer:
AT&T
Cisco
Citrix
IntraLinks
Innovator:
Box
Next Gen Plus:
AirWatch
AppSense
JIVE
MOBI
WatchDox
Next Gen:
Bitzer Mobile
BoardVantage
Capriza
EffectiveUI
i7
K2
ITinvolve
OutSystems
TrackVIA
View CXO Media's online privacy policy
Copyright 2013 | CXO Media Inc. | 492 Old Connecticut Path | Framingham MA 01701 | www.cxo.com
VMware View Best Practices Guide
| |
|
|
[SECURITY] [DSA 2665-1] strongswan security update
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2665-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
April 30, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : strongswan
Vulnerability : authentication bypass
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2944
Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN
solution.
When using the openssl plugin for ECDSA based authentication, an empty, zeroed
or otherwise invalid signature is handled as a legitimate one. An attacker
could use a forged signature to authenticate like a legitimate user and gain
access to the VPN (and everything protected by this).
While the issue looks like CVE-2012-2388 (RSA signature based authentication
bypass), it is unrelated.
For the stable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.3.
For the testing distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u1.
For the unstable distribution (sid), this problem has been fixed in
version 4.6.4-7.
We recommend that you upgrade your strongswan packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQEcBAEBCgAGBQJRf9owAAoJEG3bU/KmdcClCOUIAJrk1tERsSDSH308tjwSnI2O
7iNJGuo2euCKyp160yk2ZJlCfM+n/7j5Bu95bGzr9u7XvPzzoQD9HMdEZ3Tux/8/
FQ54pFqq/xL1btemBYaPNFr92nppiedLLV2e30OzyAvfHMwPdkRwfsU6LypG6Keb
CdljTXadZktCoBPK3hy3z5qNYzN2Ycde3GDFw8hTaYJ+1kZwuTxATpL2+O4YVB+k
ecAVf3d/YFMlHajI/e+YEP6COHV/t6dBlyYcQtAH2DHWu5lsltl5v/68ModhXNP3
rCDfu+boGL/672tuN36hcrQLb6KO7CMqXgmEVu5W2jPFBo+1RVKrQNkjxU63+ys=
=1nHw
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20130430145029.GA8365@scapa.corsac.net
Yeni Evlenecek Çiftlere ve Evini Yenilemek İsteyenlere Müjde
|