funsec mailing list archives
19-DEC-2006 security news wrapup
From: Paul Vixie <paul () vix com>
Date: Tue, 19 Dec 2006 18:34:54 +0000
Demonstrating the Consequences of Cross Site Scripting (XSS) Vulnerabilities
http://www.oreillynet.com/onlamp/blog/2006/12/demonstrating_the_consequences.html

... In the case of Cross Site Scripting (XSS), it can be quite cumbersome for a security analyst to come up with a visual demonstration that clearly indicates the consequences of the vulnerability. Security analysts often demonstrate XSS by injecting JavaScript code such as alert('xss'); causing the vulnerable application to display a pop-up window with the word 'xss'. From a technical perspective, such a demonstration does prove the existence of a XSS vulnerability, but it doesn't do much to visually convey the impact and consequence of the issue. While trying to find tools or methodologies that can automate a XSS demonstration, I came across the BeEf tool. ...

How Microsoft Fights off 100000 Attacks Per Month
http://www.osnews.com/story.php?news_id=16756

Microsoft has long encouraged its employees to 'RAS' into the corporate network from home or from the road to access e-mail, shared files and applications. RAS, short for Remote Access Services, is an old Microsoft term for what most people now call a client VPN. Microsoft, of course, maintains valuable intellectual property on its internal network, including the source code to all its operating systems and applications. These are constant targets for hackers, and Microsoft tries to protect its most valuable assets with defenses in depth; they are behind firewalls and on networks segmented with IPsec. In addition, the entire network is monitored for suspicious activity, scanned for malware and so on.

Check Point to tack on NFR Security
http://news.com.com/2100-7350_3-6144782.html?part=rss&tag=2547-1_3-0-5

Check Point Software Technologies announced on Tuesday that it plans to acquire NFR Security in a deal valued at $20 million. ... The merger is designed to combine Check Point's SmartDefense with NFR's hybrid detection engine.

NFR, based in Rockville, Md., develops technology designed to guard against intrusions such as zero-day attacks and polymorphic buffer overflows.

Australia Rules Linking to Copyright Material Also Illegal
http://yro.slashdot.org/article.pl?sid=06/12/19/0521206

"A recent ruling in Federal court upheld the ruling that the operator and ISP that hosted the site 'mp3s4free.net' were guilty of copyright infringement violations because they provided access to the copyright material. From the article: 'Dale Clapperton, vice-chairman of the non-profit organization Electronic Frontiers Australia (EFA), explained the ruling as follows: "If you give someone permission to do something that infringes copyright, that in itself is infringement as if you'd done it yourself. Even if you don't do the infringing act yourself, if you more or less condone someone else doing it, that's an infringing act."'"

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.