
Archive for July 12th, 2010


Third-party software bugs skyrocket in 2010

Computerworld - A surge in third-party software vulnerabilities accounted for the bulk of a ballooning bug count in the first half of 2010, said Danish security firm Secunia today.

The increasing number of flaws uncovered in non-Microsoft software puts users at risk because few third-party vendors offer automated update services, requiring people to seek out updates, then manually download and install patches.

“We were astonished to see the extent of the vulnerabilities in third-party software,” said Stefan Frei, research analyst director at Copenhagen-based Secunia. “The jump in vulnerabilities was almost exclusively due to third-party applications, not Microsoft’s.”

Frei analyzed Secunia’s vulnerability database — the company is best known for tracking bugs and issuing advisories — and collected information on the average Windows PC’s application inventory using Secunia’s PSI (Personal Software Inspector). PSI is a free tool that scans PCs to produce a list of vulnerable


BlackBerry Addicts: Download This App Before You Lose Your Phone

Despite the ever-encroaching horde of iPhones and Android devices, the dominance of the BlackBerry in the business world means Research In Motion’s phones likely still carry more of the world’s ultra-sensitive data than either of those flashier platforms. So it ought to reassure “CrackBerry” addicts that RIM is making their devices easier to track and secure.

On Monday, BlackBerry announced BlackBerry Protect, a free application that users can access over the Web when they’ve lost their phone or had it stolen. The app allows a wayward phone to be tracked with GPS, sent contact and reward information that will display on the screen for anyone who finds it, or backed up, locked, and wiped of any data. It can also trigger a loud alarm to find a misplaced phone, even if the device is in silent mode.

Many of those features were already available to


Oracle to issue 59 critical patches

IDG News Service - Oracle on Tuesday will release 59 patches to fix security weaknesses affecting hundreds of products, according to a notice on its Web site.

Twenty-one of the vulnerabilities affect products related to Solaris, the Unix operating system Oracle acquired through its purchase of Sun Microsystems. Seven of them can be exploited remotely over a network without requiring a password or username, Oracle said.

Among the Solaris products in question are OpenSSO, Solaris Studio, Sun Convergence and Glassfish Enterprise Server.

The update also includes 13 patches for Oracle’s database product line. Seven are for remotely exploitable vulnerabilities in the TimesTen in-memory database component and the Secure Backup product. Those weaknesses received CVSS (Common Vulnerability Scoring System) scores of 10.0, the most severe on the scale.

Seven other fixes target Fusion Middleware products. Another 16 are for E-Business Suite,


Friction-Free Security

As security professionals, we want our network to be as secure as possible. The exception is if we’re hired to break into it, but at the end of breaking in, our job is to help secure it to prevent future break-ins. The problem is that in securing our networks, it’s not all that uncommon to forget about the user and the “business” in the process.

We get excited about features like security posture assessment checks for the machine plugging into the network or connecting via the VPN. Being able to prevent unpatched laptops with outdated antivirus from connecting to our network is great, but we forget that the machines connecting in might belong to a contractor or business partner who doesn’t have administrative privileges and cannot apply updates to their system.

If they can’t connect, they can’t work, and security just became the bad guy…

SB10-193: Vulnerability Summary for the Week of July 5, 2010

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be
