Xen CVE-2013-0151 Local Denial of Service Vulnerability

GCI to distribute BCS-accredited IA training to combat skills shortage
IDG News Service
Nermin Bajric 06.09.2013 at 13:16 | ARN. IT examination services provider, Global Certifications Institute (GCI), has introduced a range of new Information Assurance (IA) examinations in partnership with InfoSec Skills to combat local skills ...

Thursday's revelation that US and British intelligence agencies are able to decode most Internet traffic was a transforming moment for many, akin to getting definitive proof of intelligent extraterrestrial life. It fundamentally changed the assumptions that many of us have about the tools hundreds of millions of people rely on to shield their most private information from prying eyes. And it challenged the trust placed in the people who build and provide those tools.

But the reporting from the New York Times, ProPublica, and The Guardian was short on technical details about exactly how cryptographic technologies such as virtual private networks and the secure sockets layer (SSL) and transport layer security (TLS) protocols are bypassed. As stated recently by Edward Snowden, the former National Security Agency (NSA) contractor who leaked highly classified documents leading to the reports, "Encryption works. Properly implemented strong crypto systems are one of the few things you can rely on." How is it, then, that agents from the NSA and its British counterpart known as the Government Communications Headquarters (GCHQ) are reportedly able to bypass the crypto protections provided by Internet companies including Google, Facebook, Microsoft, and Yahoo?

The short answer is almost certainly by compromising the software or hardware that implements the encryption or by attacking or influencing the people who hold the shared secrets that form one of the linchpins of any secure cryptographic system. The NYT alludes to these techniques as a combination of "supercomputers, technical trickery, court orders, and behind-the-scenes persuasion." The paper went on to refer to technologies that had been equipped with backdoors or had been deliberately weakened. Snowden put it slightly differently when he said: "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around" encryption. Exploiting the implementations or the people behind these systems can take many forms. What follows are some of the more plausible scenarios.


Microsoft released its pre-announcement for the upcoming Patch Tuesday. The summary indicates 14 bulletins in total: 4 are Critical, all with remote code execution, and 10 are Important, with a mix of remote code execution, denial of service and elevation of privilege. The announcement is available here [1].

[1] http://technet.microsoft.com/en-us/security/bulletin/ms13-sep


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
After a successful lift off late Friday night, NASA's lunar orbiter is powered up, communicating and on its way to the moon.
A federal judge rejected government regulators' demand that Apple waive its 30% commission on all in-app e-book sales by third-party retailers, including Amazon, for two years.
The Samsung Galaxy Gear and the Qualcomm Toq are not starting the smartwatch revolution you've been waiting for, writes Mike Elgan. Not to worry though, a flood of devices is coming next year.

InfoSec Skills Partners with Global Certification Institute (GCI) to ...
Exec Digital
InfoSec Skills has entered into a partnership agreement with Australia's leading certification and examination services provider to launch a new certification scheme in Information Assurance for the Asia Pacific marketplace. This incorporates ...

TYPO3 File Handling Security Bypass Vulnerability
APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4
CFP: WorldCIST'14 - World Conference on IST; Best papers published in ISI Journals
Internet Storm Center Infocon Status