Vulnerability Management

May 15th, 2008

When is a Debian user not a Debian user?

So lots of people have commented on the potentially very nasty crypto bug in OpenSSL on Debian Linux (and derivatives, including Ubuntu) with the good advice of patching and regenerating your SSH keys… Only thing is, what if you don’t have access to the shell to do exactly that? What if you don’t even know […]

Mar 5th, 2007

Holy Apples to Oranges Comparison Batman

Security Scanners Comparison Test Results | SecGuru

Why do organisations persist in comparing tools that aren’t in the same market… Let’s look at this little list. We’ve got O/S vulnerability scanners, port scanners and website vulnerability scanners… How can you compare a network port scanner to a tool that looks for SQL injection vulns in websites…

Feb 11th, 2007

Very nasty Solaris telnet bug

There’s some information on a very nasty Solaris telnet vulnerability over at the Computer Defense blog. Now hopefully this’ll have limited impact ’cause all the Solaris admins out there are running SSH already… Doubt it though, I’ve heard quite a few Unix/router guys argue against dropping telnet in the past, so there’s probably quite a […]

Jan 25th, 2007

Cisco code execution Vulnerability

This advisory on Cisco’s site could be very nasty. It appears that there’s a vulnerability in IOS that can be exploited by sending crafted packets, and can result in DoS or remote code execution. If an exploit for this becomes available then expect a lot of problems…

Nov 21st, 2006

More on Database vulnerability numbers

There’s some more data on comparing Oracle and MS SQL Server vulnerability levels over at Michael Howard’s blog. There’s a link to a study by David Litchfield on the numbers here which pretty much comes to a similar conclusion to looking at the Secunia numbers, but does a more accurate job of analysing the findings […]

Nov 17th, 2006

Database Vulnerability numbers

There’s a post over at Michael Howard’s blog about a study showing that Microsoft SQL Server has a better security record than Oracle or MySQL. Whilst I agree with the overall point, SQL Server (especially 2005) is waay better than Oracle/MySQL on the security front, the numbers this study uses seem odd… They’ve not specified […]

Apr 24th, 2006

Security flaws in OSX

Security-Protocols :: The Bug Hunters Blog – Latest on OS X research

Post about some serious security flaws in OSX, found by a security researcher. I must say, I’m not surprised. There’s not been a lot of focus on security of Apple products in the past, but it seems that when it comes, with the […]