NEWS: Cisco Secure Desktop vulnerability
Monday, 26 April 2010 22:57

 

 

A new Cisco flaw: after the problems related to the SIP protocol on IOS version 12.x, Cisco has again stumbled into something decidedly uncomfortable. The Cisco advisory announces the criticality of the bug found; the affected software is Secure Desktop version 3.5.841.

 

The details of the problem are taken from the following Security Advisory:

 

"A Cisco-signed ActiveX control that is used by Cisco Secure Desktop fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process. If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package. The package could contain a malicious executable file that executes with the privileges of the affected user. A successful exploit could result in a complete compromise of a vulnerable system. This vulnerability is documented in Cisco Bug ID CSCta25876 (registered customers only) and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0589."

 

In essence, the flaw allows an attacker to execute arbitrary code with the same privileges currently granted to the user on the local machine, by way of an ActiveX control that fails to verify the integrity of an executable used during installation.

 

 

You can find more details at these locations:

Security Advisory | Vulnerability report (PDF)


Certified E-Mail
Saturday, 28 November 2009 10:10

 

 

Certified E-Mail is a tool that allows you to give an email message the same value as traditional mail with return receipt.

 

What does certified mail do?

Sending an email involves two main phases, the transmission and the reception of the message (leaving aside, for obvious reasons, the procedures behind them). When that transaction takes place, certifying the first phase, the sending of the mail itself, means providing the sender, through the email client, with a receipt that is legal proof that the message and any accompanying documentation were sent.

 

Is certified mail required?

As of 29 November 2009, the "Crisis" Decree Law provides that members of accredited professions (surveyors, engineers) and companies must set up a certified electronic mailbox no later than one year and within three years after the law's entry into force.

 

Furthermore, the mailbox must be communicated to the professional register or membership list and to the register, all in accordance with the Law.

Newly created companies will need certified e-mail immediately upon formation.

 

Information and Support

For support, you can consult the Contact section at the top of the site, or otherwise send an email for clarification and costs.

 

 

Additional references:

Wikipedia


Call for Papers: Conference on Free Software
Friday, 23 April 2010 21:44

 

 

An important event for Free Software: on 11 and 12 June, Cagliari hosts the Fourth Italian Conference on Free Software. Carrying forward a movement that increasingly seeks to make room for itself in today's technological environment, the previous editions (Bologna 2009, Trent 2008 and Cosenza 2007) have undoubtedly reduced the ignorance with which this kind of ideology was met in earlier years, an ideology that still has widely varied aspects.

The task of these conferences, and above all of the vast majority of people who believe in this movement, is to spread knowledge and make it available to the community, whether in free software or not. Collaboration is the basic premise for solving any problem that has to be addressed again and again.

 

Topics of interest are varied, covering all possible areas related to Free Software, from the economic, legal and technical to the ethical, social and philosophical. Here is a comprehensive list of the tracks of interest according to the Conference:

 

Track associations:

  • status of translations and adaptations for Italian users;
  • organization of public events;
  • collaboration between associations.

Track developer:

  • Italian development projects: news, status;
  • reports from conferences and events;
  • Tools and infrastructure for Free Software development;
  • Free embedded systems.

Track companies:

  • Free software in companies and for companies;
  • Hardware, Software and Services “Made in Italy”;
  • Large-scale systems based on Free Software (databases, ERP, information systems, …).

Track Organizations/School:

  • Use cases in healthcare, e-government;
  • Use of Free Software in schools;
  • Courses on free software in schools and universities;
  • ECDL Free experiences (not Free ECDL!).

Track Philosophical - Legal - Sociological:

  • Philosophical and political aspects of Free Software;
  • Socio-cultural dynamics within Free Software or inspired by it;
  • Usability, scalability and maintainability of Free Software;
  • Licenses, legal aspects and legislation.

Track Open Content:

  • Experiences in producing and managing Open Content
  • Perspectives on Open Content
  • Open data and formats for Open Government.

 

Reference notes, so that published works stay within the proper ideological scope of the event:

"All the software presented at the conference must have a free license (FSF-approved) or Open Source (OSI). Articles must have a license that allows free publication and use and allows the generation of derivatives. Examples of accepted licenses: CC (Attribution, ShareAlike), FDL."

 

For more information and details on the conference, please read the notice at this address.


NEWS: Cisco IOS SIP vulnerability
Friday, 09 April 2010 11:54

 

 

As reported by Secunia and by the Cisco advisory, routers running IOS, especially those with version 12.x, are subject to a vulnerability in the SIP protocol that allows a DDoS and, at worst, arbitrary remote code execution.

Security expert Thomas Kristensen strongly advises upgrading IOS or downloading the patch. Those unable to update IOS should disable SIP, which means the corresponding item configured on the router can no longer be used.

 

We strongly recommend that you update your router to the latest version or contact a technical support specialist.

 

 

The following links announce the issue along with a resolution:

http://secunia.com/advisories/39068/

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml

 

This article in PDF format describes the current router bug:

http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.pdf

 

For completeness, you can view the other 10 vulnerabilities in the advisory published by Cisco itself:

http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml


Copyright © 2010 www.homelinux.us. All Rights Reserved.
The contents of this work are published under Creative Commons License.