DATE: October 5 - 10, 2008
LIVE EVENT: Black Hat Japan 2008
Login

Our RSS feed is available only to registered users of our web site. If you are a registered user, please log in. If you are not, you may register here.




If you are a registered user of Dark Reading, enter your username and password below to change your newsletter subscriptions, post to the message boards, or access content available to registered users only.

If you are not yet a registered user of Dark Reading, visit our registration page to sign up and receive the username and password you may use to log in.

ENTERPRISE VULNERABILITIES
Vulnerability: debian xsabre
Published: 2008-10-03
Severity: HIGH
Description: A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.

Vulnerability: libvirt libvirt
Published: 2008-10-03
Severity: HIGH
Description: libvirt 0.3.3 relies on files located under subdirectories of /local/domain in xenstore despite lack of protection against modification by Xen guest virtual machines, which allows guest OS users to have an unspecified impact, as demonstrated by writing to (1) ...

Vulnerability: lighttpd lighttpd
Published: 2008-10-03
Severity: HIGH
Description: mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restriction...

Vulnerability: lighttpd lighttpd
Published: 2008-10-03
Severity: HIGH
Description: lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or <...

Vulnerability: linux kernel, redhat fedora
Published: 2008-10-03
Severity: MEDIUM
Description: The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive i...

Copyright © 2008 United Business Media Limited - All rights reserved.